Privacy & Data Security

California Consumer Privacy Act

CCPA Compliance News

Fox Rothschild monitors the latest developments in California's implementation and enforcement of the California Consumer Privacy Act (CCPA) to keep clients ahead of the compliance curve. The law took effect on Jan. 1, 2020, but California state lawmakers continue to consider amendments and other measures that could affect companies' obligations. Check this page for updates from our Privacy Compliance & Data Security Blog:

Recent Blog Posts

  • California Issues Fourth Set of Amendments to CCPA Regulations On the first night of Hannukah, the California Department of Justice gave to me … a fourth set of amendments to California Consumer Privacy Act regulations … and a form opt out button (!?) Key changes: Offline notice:  A business that sells personal information that it collects in the course of interacting with consumers offline shall also inform consumers by an offline method of their right to opt out and provide instructions on how to submit a request to opt out. If in... More
  • Interactive Advertisers Share Industry’s CCPA Compliance Benchmarks Some thoughts from the interactive ad industry on CCPA compliance from a new IAB CCPA Benchmark survey. Allowing the placement of third party trackers for the purpose of advertising is likely a sale. Participants down the advertising chain are sometimes “businesses,” sometimes “service providers” and sometimes “third parties.” Many give CCPA rights to individuals outside California. Deeper dive into these and other insights from the IAB CCPA Benchmark survey in this client alert.... More
  • CCPA Amendments Address Deidentified Health Data California lawmakers recently passed legislation that amends the California Consumer Privacy Act. “The most significant outcome of AB 713’s passage is that, pending California Gov. Gavin Newson’s signature, information that is deidentified is exempt from regulation under the CCPA if the information is (1) derived from patient information that is protected under HIPAA, the California Confidentiality of Medical Information Act, or the Federal Policy for the Protection of Human Subjects, also known as the Common Rule; and (2) created pursuant to... More
  • Illinois Attorney General Discusses New Data Breach Law, Future Privacy Legislation “The Illinois General Assembly has evaluated numerous proposals similar to the CCPA. Illinoisans want to know that their personal information is protected, and they have a right to know who is collecting their data, for what purpose, and within reason, a right to request that data to be deleted if it is not needed. I will continue to work with the industries that collect this data to develop policies that afford consumers basic data protection rights that are also feasible... More
  • Newsom Signs CCPA Employee and B2B Carve-Out Extensions AB1281, the California Consumer Privacy Act amendment extending the employee and B2B carve-outs, has been signed by Governor Newsom. Unless affected by the passing of the California Privacy Rights Act ballot initiative, the carve-outs will apply until January 1, 2022. Governor Newsom Issues Legislative Update 9.29.20  ... More
  • Federal SAFE DATA Act Combines Privacy Protections of Three Previous Bills Is a U.S. federal privacy law in our future? Combining the privacy protections included in three previously independent bills — the U.S. Consumer Data Protection Act, Filter Bubble Transparency Act and Deceptive Experiences To Online Users Reduction Act — Senate Republicans’ SAFE DATA Act  provides some of the strongest privacy protections to date, writes Müge Fazlioglu for the International Association of Privacy Professionals (IAPP). However, the two key dividing lines remain over whether federal privacy legislation will include a private right of... More
  • The Washington Privacy Act Returns With a Broader Scope Washington state lawmakers have recast the proposed Washington Privacy Act for 2021. “While the 2021 draft bill is similar to the 2020 version (Senate Bill 6281), its scope is broader and certain provisions appear to signal an effort to compromise on some of the contested issues. The draft 2021 WaPA includes new sections for “data privacy regarding public health emergencies” related to COVID-19 and the processing of personal information for automated contact tracing,” writes Catherine Cosgrove for the International Association of... More
  • Senate Committee Schedules Hearing on Federal Data Privacy Legislation Time for a U.S. federal privacy law? “U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “Revisiting the Need for Federal Data Privacy Legislation,” at 10:00 a.m. on Wednesday, September 23, 2020. The hearing will examine the current state of consumer data privacy and legislative efforts to provide baseline data protections for all Americans. It will also examine lessons learned from the implementation of state privacy laws in the U.S. and the E.U.... More
  • Revised, Washington State Privacy Legislation Moves Forward The Washington Privacy Act is back and now includes provisions for handling personal data during a public health emergency such as a pandemic. Its provisions are closer to the European Union’s General Data Privacy Regulation (GDPR) than the California Consumer Privacy Act (CCPA) and include: Controller and processor obligations Right of correction Provisions regarding profiling Purpose specification Data minimization Mandatory Data Protection Impact Assessments, called Data Protection Assessments, in certain cases Read the full text of the bill.... More
  • California Moves Two COVID Privacy Bills Forward Two bills dealing with processing COVID-19 data in California were referred to the Senate Appropriations Committee. Assembly Bill 660 prohibits data collected, received or prepared for purposes of contact tracing from being used or disclosed for any purpose other than facilitating contact tracing efforts. It also requires the data collected to be deleted within 60 days, unless that data is in the possession of a state or local health department. Read the full text and check updated status. Assembly Bill 1782  regulates public... More