We all know businesses collect our data. But did you know that businesses can draw inferences from those data to determine whether a consumer is married, or is a homeowner, or is a likely voter? Recently, the question arose whether those inferences constitute personal information under the California Consumer Privacy Act of 2018 (CCPA or

On March 2, 2022, California Attorney General Rob Bonta urged individuals affected by the T-Mobile breach in 2021 to take advantage of resources to assist with preventing or responding to identity theft. According to the consumer alert, more than 53 million individuals were affected by the breach, including over 6 million California residents. The compromised

In a recent report by the Association of Corporate Counsel, a survey of chief legal counsels provided confirmation of what we’ve been saying for a while: expectations of increased regulatory enforcement, and privacy and cybersecurity are driving organizations to dedicate more efforts to compliance. In fact, 64 percent of those surveyed responded that they expected

The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specified purpose. This seems like a simple concept: an entity should only collect personal information that is

California Attorney General Rob Bonta is serious about compliance with the California Consumer Privacy Act (CCPA). So serious, that on January 28, 2022, also known as Data Privacy Day, he announced that his office was commencing an investigative “sweep” of “businesses operating loyalty programs in California” and sent notices of noncompliance to businesses requiring them

IDTechEx, which provides market research on emerging technology, analyzed California Department of Motor Vehicles (DMV) autonomous vehicle collision reports. Per California regulation, every company testing autonomous vehicles in California must notify the state’s DMV of any collision. IDTechEx reviewed those reports, which cover about a two-and-a-half-year period. James Jeffs, IDTechEx’s technology analyst, said that “[i]t