The California Consumer Privacy Act (“CCPA”), which goes into effect January 1, 2020, is the most significant data privacy legislation in the United States. It will impose onerous transparency and individual rights requirements on most companies that collect, sell, or disclose the “personal information” of California consumers. And, it provides for hefty regulatory fines and a private right of action (which means private parties, and not just the California Attorney General, can bring a lawsuit based on CCPA violations). This article covers some of the key compliance obligations for businesses that will be subject to the CCPA.
As the rock band “Europe” might say: it’s the final countdown to the EU’s General Data Protection Regulation (GDPR). At least that’s how I’ve been singing their song. The GDPR is the biggest change in data privacy law in more than 20 years, and businesses around the world have been gearing up for it since it was published in May of 2016. We’re now only about 200 days away from the GDPR being enforced on May 25, 2018, and many businesses in the US that will need to comply with it still have their work cut out for them (the GDPR is over 200 pages long!).
Perhaps the easiest way for a business to find itself on a collision course with the Federal Trade Commission (FTC) is to make deceptive claims about its privacy and cybersecurity practices. Earlier this month, Uber agreed to a settlement with the FTC for doing just that.
Businesses that adhere to sound privacy principles are not only more likely to stay off the FTC’s radar, but will also be making a sound business decision. While consumer data can be valuable to your business, it is also valued by consumers. And, with today’s constant news of privacy mishaps, privacy has become a competitive differentiator upon which businesses can easily capitalize.
Earlier this month, the United States Supreme Court agreed to review whether people have a reasonable expectation of privacy in their cell phone location data that is shared with cell phone service providers. While the case, Carpenter v. United States, is a criminal case, its outcome could have a significant impact on broader privacy issues.
Over the weekend a massive ransomware cyberattack hit over 200,000 victims in more than 150 countries. As I’ve said before, I believe that the frequency of these attacks will increase, and the ransom demands will grow. Given that many experts believe that the scope of this latest attack may continue to spread on Monday as people return to work, here are some basic tips.