Data Privacy Dish

Updates on the Evolving Data Protection Landscape

Latest from Data Privacy Dish - Page 2

Litigants traditionally look to the rules of civil procedure in order to get discovery in a litigation. Plaintiff’s attorneys have, however, begun to try to circumvent restrictions within the discovery rules that are designed to limit the number, type, and timing of information requests, by sending out “access requests” on behalf of their clients under the California Consumer Privacy Act (CCPA). Nothing within the legislative history of the CCPA suggests that it was intended to replace…
For an entity to be considered a “business” under the CCPA, it must meet one of three thresholds. One of those thresholds is whether the entity “annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.”1 The CPRA modified the threshold such that, as of Jan. 1, 2023, an entity would need to buy, sell,…
Probably not. Some companies have objected to the CCPA’s definition of “business,” which purports to treat some affiliated companies that utilize common branding as a single business for the purpose of the Act. Specifically, they have pointed out that there are situations in which corporate affiliates that share common branding might be of disparate size such that Affiliate A has revenues that exceed the minimum set by the CCPA and, thus, would be covered by…
Greenberg Traurig invites you to join us for an informative discussion on the recently enacted Proposition 24, the California Privacy Rights Act (CPRA), and how it builds on the compliance issues created by the California Consumer Privacy Act (CCPA). Thursday, Jan. 14, 2021 10:00 – 10:30 a.m. MST / 12:00 – 12:30 p.m. EST During this webinar, you will learn about how retailers have responded to the CCPA, and the additional requirements that the…
Maybe. “Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to replace the credit card number).[1] In some instances, tokens are created through the use of algorithms, such as hashing techniques. Information is not considered “personal information” under the CCPA if it has been “deidentified.”[2] Deidentification means that the…
Yes. In order to help businesses, understand and benchmark industry practice, Greenberg Traurig LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020, there was significant divergence between the rates at which companies in different industry sectors had updated their privacy policies to account for the CCPA. While all of the members of some industries (e.g., software, retail, and insurance) had updated their privacy policy, few of the members of…
Amid the pandemic and the barrage of pandemic-related news, it has been easy to overlook the reports of a massive security incident that could potentially affect thousands of companies’ data. Beginning the week of December 7th, several prominent data breaches were reported by companies and government agencies, including the Department of Homeland Security. Continue reading the full article, “The Compromise of SolarWinds Orion,” published in Wolters Kluwer’s Strategic Perspectives.…
In order to help businesses understand and benchmark industry practice, Greenberg Traurig, LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020 – 12 months after the CCPA had gone into effect and six months after the CCPA became enforceable – 71.8% of the companies within the Fortune 500 had updated their privacy policies to account for the CCPA.1 It is not clear whether the rate at which Fortune…
The CCPA requires that a business include 15 specific disclosures in its privacy policy. These include, for example, disclosures relating to the enumerated categories of personal information that the business collects, the categories of personal information that are shared with service providers or other third parties, and consumers’ ability to request access to and deletion of their information. The CPRA amended the CCPA to require that by January 1, 2023, companies include the following disclosure:…
The regulations implementing the CCPA require that “[e]very business . . . shall provide a privacy policy in accordance with the CCPA and the [regulations].”1 The regulations clarify that a business meets its obligation to “provide” a privacy policy by posting the policy online or, if it does not operate a website, “mak[ing] the privacy policy conspicuously available to consumers.”2 It is important to note that making a privacy policy “conspicuously available” does…