This week, the California Superior Court ruled that the California Privacy Protection Agency (CPPA) cannot begin enforcement of the California Privacy Rights Act (CPRA) until March 2024. The ruling stems from a lawsuit filed by the California Chamber of Commerce which argued that state businesses would not have enough time to prepare for the upcoming
California
California Businesses Start 2023 with CPRA Requirements without Official Regulations
Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process [view related post]. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy…
Colorado AG Updates Draft Rules for Colorado Privacy Act
Colorado Attorney General Phil Weiser’s office recently published an updated version of the draft rules governing the Colorado Privacy Act, which goes into effect on July 1, 2023. The updates build upon the original draft rules published on October 10, 2022, and are based on input received by the AG’s office through December 2, 2022.…
Chula Vista Policy to Protect Residents from Certain Surveillance Technology
The City Council of Chula Vista, California (in the San Diego metropolitan area), announced a new policy governing how city law enforcement can use technology to protect residents from data collected by surveillance equipment. The policy was developed by a city task force after the police department began using Automated License Plate Readers in 2020…
Samsung Sued Under CCPA
A class action lawsuit, Seirafi et al v. Samsung Electronics America, Inc., Case 4:22-cv-05176-KAW, filed recently in the Northern District of California, alleges that Samsung’s unnecessary personal information collection, and failure to secure that information, violate the California Consumer Privacy Act (CCPA). This lawsuit was inspired by two recent data breaches that allegedly included personal…
California Law Prohibits Cooperation with Out-of-State Entities Regarding Lawful Abortion
In response to Dobbs v. Jackson Women’s Health Organization, California Governor Gavin Newsom recently signed AB 1242 into law, which “prohibits law enforcement and California corporations from cooperating with out-of-state entities regarding a lawful abortion in California.”
In particular, AB 1242 prohibits California companies that provide electronic communication services from complying with out-of-state requests…
Sephora Settles with California AG for CCPA Violations over Sale of Data
In the first of its kind under the California Consumer Privacy Act (CCPA), Sephora settled an enforcement action with the California Attorney General for violation of the CCPA. Sephora must pay $1.2 million in penalties and implement a CCPA compliance program. The enforcement action alleged that Sephora permitted third parties to create customer profiles that…
Another Data Breach Lawsuit for Lakeview Loan Servicing
A December 2021 breach of Lakeview Loan Servicing’s customer data has led to another proposed class action against the company in the U.S. District Court for the District of South Carolina. The breach affected the personal information of more than 2.5 million customers.
Plaintiffs Anthony Teresa Oglesby allege that their names, addresses, loan numbers, and…
SuperCare Health Hit with Another Data Breach Class Action
In the U.S. District Court for the Central District of California last week, SuperCare Health, Inc. was hit with another proposed class action based on a data breach that allegedly compromised the personal and health information of over 300,000 current and former patients. SuperCare Health is a respiratory-care provider.
Lead plaintiff, Hamid Shalviri, alleges that…
FTC Chair Signals Crackdown on Confusing Privacy Policies
At the International Association of Privacy Professionals Global Privacy Summit earlier this week, Federal Trade Commission Chair Lina Khan rounded out her first year on the job by calling out “overwhelming” consumer privacy policies. While nearly every company online must post a privacy policy, many of these policies are written in dense legal jargon that…