The California Consumer Privacy Act (“CCPA”), which goes into effect January 1, 2020, is the most significant data privacy legislation in the United States. It will impose onerous transparency and individual rights requirements on most companies that collect, sell, or disclose the “personal information” of California consumers. And, it provides for hefty regulatory fines and a private right of action (which means private parties, and not just the California Attorney General, can bring a lawsuit based on CCPA violations). This article covers some of the key compliance obligations for businesses that will be subject to the CCPA.
As the rock band “Europe” might say: it’s the final countdown to EU’s General Data Protection Regulation (GDPR). At least that’s how I’ve been singing their song. The GDPR is the biggest change in data privacy law in more than 20 years, and businesses around the world have been gearing up for it since it was published in May of 2016. We’re now only about 200 days away from the GDPR being enforced on May 25, 2018, and many businesses in the US that will need to comply with it still have their work cut out for them (the GDPR is over 200 pages long!).
Perhaps the easiest way for a business to find itself on a collision course with the Federal Trade Commission (FTC) is to make deceptive claims about its privacy and cybersecurity practices. Earlier this month, Uber agreed to a settlement with the FTC for doing just that.
Businesses that adhere to sound privacy principles are not only more likely to stay off the FTC’s radar, but will also be making a sound business decision. While consumer data can be valuable to your business, it is also valued by consumers. And, with today’s constant news of privacy mishaps, privacy has become a competitive differentiator upon which businesses can easily capitalize.
Earlier this month, the United States Supreme Court agreed to review whether people have a reasonable expectation of privacy in their cell phone location data that is shared with cell phone service providers. While the case, Carpenter v. United States, is a criminal case, its outcome could have a significant impact on broader privacy issues.
Last week President Trump signed a Congressional resolution that overturned internet privacy rules promulgated by the Federal Communications Commission (FCC) during the Obama administration in 2016. The rules would have made it more difficult for broadband internet service providers (ISPs) to track, use, and sell information about its customers’ online activities. This article will cover what happened, what it means, and what may happen next.
As a follow-up to my last blog post (key cybersecurity and data privacy events of 2016), I’ll take a look ahead at what 2017 has in store. Buckle up, because 2017 will be eventful.