In August, the California Privacy Protection Agency (CPPA) released its initial draft regulations for cybersecurity audits and risk assessments under the California Privacy Rights Act (CPRA). While the CPPA has not yet commenced its formal rulemaking process for these regulations, once finalized, businesses will be required to perform annual cybersecurity audits and regularly submit risk
The CPPA is Investigating Connected Automobiles
The California Privacy Protection Agency’s (CPPA) Enforcement Division is conducting a review of data privacy practices by connected vehicle manufacturers and related technologies. The CPPA, which was established by the 2018 California Privacy Rights Act, has been primarily focused on developing regulations. This investigation marks its first significant enforcement effort.
Connected vehicles, with features like…
California Privacy Protection Agency Announces CCPA Enforcement Focus
A plan for an enforcement program under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) (collectively CCPA) is on its way from the California Privacy Protection Agency (CPPA). Despite a recent court ruling that the enforcement of some of the amendments under the CPRA cannot begin until March 2024, last week the CPPA…
We Might Be Close to Final CPRA Regulations, with More to Come
The California Privacy Protection Agency (CPPA) Board will hold its third public hearing on February 3, 2023, at 10 am PST.
The meeting will open with the Chairperson’s Update, during which CPPA Chairperson Jennifer Urban will likely address the status of the delayed California Privacy Rights Act (CPRA) regulations. Chairperson Urban is also a…
California Businesses Start 2023 with CPRA Requirements Without Official Regulations
Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy Protection Agency (CPPA), responsible…
California Businesses Start 2023 with CPRA Requirements without Official Regulations
Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process [view related post]. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy…
Colorado AG Updates Draft Rules for Colorado Privacy Act
Colorado Attorney General Phil Weiser’s office recently published an updated version of the draft rules governing the Colorado Privacy Act, which goes into effect on July 1, 2023. The updates build upon the original draft rules published on October 10, 2022, and are based on input received by the AG’s office through December 2, 2022.…
California’s “Do Not Track” Mandate Does Not Please Businesses
Since the California Privacy Protection Agency (CPPA) released its draft regulations pursuant to the California Privacy Rights Act (CPRA), the biggest gripe from businesses has been the website tracking opt-out requirements. Recognition of opt-out requests from consumers could potentially cost companies some significant dollars.
The CPRA amends the California Consumer Privacy Act of 2020 and…
Popular Tax e-Filing Sites Reportedly Sent Tax Info to Meta
According to reporting from the Verge and the Markup, several popular e-filing providers have been transmitting sensitive financial information to Meta through Meta Pixel. Meta Pixel is a free advertising analytics service offered by Meta that, similar to cookie files and other persistent user identifiers, collects personalized data about how the users interact with content…
Facebook Is Removing Some Sensitive Information from Public Profiles
Starting December 1, Facebook reportedly will remove several biographic details from user profiles, including “Religious views,” “Political views,” “Interested in” (indicating the user’s sexual orientation), and “Address.” Many state privacy laws, including California’s Privacy Rights Act, restrict how businesses can collect and use these types of sensitive personal information. Facebook has not confirmed why it…