As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass. Proposition 24
Data Privacy & Security Observer
Legal Developments and Thought Leadership in Data Privacy and Cyber Security
Latest from Data Privacy & Security Observer - Page 2
California Attorney General Proposes Third Set of Modifications to CCPA Regulations
On October 12, 2020, California’s Attorney General proposed a third set of modifications to California Consumer Privacy Act (“CCPA”) regulations. These proposed modifications come nearly two months after the final regulations were approved and made effective by the California Office…
OCC Issues $400 Million Civil Penalty in Consent Order with Citibank Over Risk and Data Governance
On October 7, 2020, The Office of the Comptroller of the Currency (“OCC”) announced that it had assessed a $400 million civil penalty against Citibank, N.A. regarding alleged deficiencies in its enterprise-wide risk management and data governance programs and its…
Brazil’s Data Protection Law (“LGPD”) Retroactively Effective
On September 18, 2020, Brazil’s data protection law (Lei Geral de Proteção de Dados Pessoais, or “LGPD”) became retroactively effective August 16, 2020. Penalties do not begin until August 1, 2021, based on a previous delay passed by Brazil’s legislature.…
California Advances Bills Extending CCPA Employee / B2B Exemption and Regulating Contact Tracing
On August 19, 2020, the California State Assembly on Appropriations ordered to a second reading Assembly Bill (“AB”) 1281, which would extend the exemption of the California Consumer Privacy Act (“CCPA”) in relation to employee information and business-to-business (“B2B”) transactions…
Final CCPA Regulations Approved by California OAL, Effective Immediately
On Friday, August 14, 2020, the California Attorney General released the final CCPA regulations issued under the California Consumer Privacy Act of 2018 (“CCPA”) as approved by the California Office of Administrative Law (“OAL”), and filed them with the California…
European Union and U.S. Department of Commerce to Re-Evaluate Enhanced EU-U.S. Privacy Shield
Yesterday, on August 10, 2020, the European Commission (“Commission”) and the Department of Commerce (“DoC”) issued a joint statement announcing they are beginning discussions to evaluate potential enhancements to the EU-U.S. Privacy Shield framework. These discussions have begun to address…
Vermont Amends Data Breach Notification Law, Enacts Student Privacy Act
Vermont Amends Data Breach Notification Law
On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”
Key amendments to the security…
Berlin Data Protection Authority Halts Berlin-U.S. Data Transfers Following Schrems II Decision
We previously posted on yesterday’s Schrems II decision issued by the Court of Justice of the European Union (CJEU). Today (Jun 17, 2020), the Berlin data protection authority (Berlin DPA) went even further than the CJEU opinion, issuing a statement…