We are officially six months away from the California Privacy Rights Act (“CPRA”) taking effect and amending the California Consumer Privacy Act (“CCPA”).  Even for companies that have grown comfortable with requirements under the CCPA, the CPRA changes require planning and preparation.  With CPRA taking effect on January 1, 2023, here are six tips to begin that preparation:
Continue Reading Are You Ready for CPRA? 6 Tips for the Final 6 Months

By now, we are used to seeing notifications on our phones asking whether we would like certain applications to track our activity across other companies’ apps and websites. Typically, these tracking tools are used to examine and assess advertising efficiency. Although beneficial marketing tools, companies must be mindful of how tracking tools are used on their platform to avoid infringing on individuals’ data privacy rights.

Recently, Canadian regulators found that Tim Hortons, a coffee and bake shop chain, violated Canada’s federal privacy laws, including Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), by tracking customers’ (who downloaded its app) movement every few minutes of every day. Following an app update in May 2019, the company allegedly tracked users not only when using the app, but whenever individuals’ devices were turned on –collecting massive amounts of location data without users’ knowledge.

Continue Reading In Hot Water, eh? Canadian Regulators Investigate Tim Horton’s Tracking of App Users

It was not long ago that data privacy was an afterthought for many companies, and in some regards, it may still be an afterthought. Since 2018, major laws and regulations governing companies’ collection, use, and disclosure of personal information have been enacted, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) (amended by the California Privacy Rights Act, and soon to be joined by similar state privacy laws in Colorado, Connecticut, Indiana, Virginia, and Utah), Strengthening American Cybersecurity Act, and state data breach notification laws.
Continue Reading The Changing Landscape of Privacy and Data Security in Mergers and Acquisitions

Recently, multiple states have enacted and passed new data privacy laws and bills (Colorado, Virginia, Utah, California Privacy Rights Act, Connecticut, Indiana, and Ohio). Rightfully so, these laws and bills have garnered much of the media attention. However, in the midst of all the new state data privacy laws, new bills regulating “data brokers” have begun to emerge. To no surprise, California is leading the way with its Data Broker Registration Law, which was enacted in 2019.
Continue Reading Am I A Data Broker?: A Quick Primer on State Laws Regulating a Growing Industry

The CCPA has been up and running for a couple of years now, with changes coming in 2023 with the amendments from the Consumer Privacy Rights Act (CPRA).  While a federal law is always being teased and
other states coming online in 2023
, California remains the state privacy law by which to assess and manage compliance when processing personal data.

So, as you might imagine, loads of questions and anxiety over the country’s most comprehensive state privacy regulation continue to keep us busy.  This prompted us to provide a simple 3-step process to determine if the law applies to your business (now, in 2023, or beyond), what you need to do to meet the law’s requirements, and how to begin considering a national approach to data privacy governance.  While no summary can capture every aspect of developing a compliance plan, we hope the following resources are helpful in getting your arms around managing privacy and meeting the (applicable) requirements of the California laws.
Continue Reading Breaking Down the California Consumer Privacy Act (CCPA)