Virginia Consumer Data Protection Act (VCDPA)

On January 1st of this year, the Virginia Consumer Data Protection Act (“VCDPA”) and amendments to the California Consumer Privacy Act (“CCPA”) went into effect. Later this year, the Colorado Privacy Act (“CPA”), Connecticut’s Public Act No. 22-15 (known as the “Connecticut Privacy Act” or “CTPA”), and the Utah Consumer Privacy Act (“UCPA”) will go into effect as well. Aside from the UCPA, these laws will obligate covered entities to document and assess certain processing activities in formal data protection assessments, which will be available to regulators. The purpose is to require companies to look critically at high-risk data processing activities and avoid unjustifiable risks and negative impacts on data subjects. Assessments can also serve the purpose of maintaining current data inventories and retention schedules and ensuring that processing is not inconsistent with the notified purposes at the time of collection.
Continue Reading 2023 State Privacy Laws and Regulations Bring Extensive Data Protection Assessment Requirements

On March 15, 2023, after five public input sessions, a rulemaking hearing, and over 130 written comments, the Colorado Privacy Act (“CPA”) rules were officially finalized when the Colorado Attorney General’s Office completed its review and submitted them to the Secretary of State. The final rules will be published later this month and go into effect on the same day as the statute, July 1, 2023.
Continue Reading Colorado Privacy Act Rules Finalized; To Be in Effect July 1

Part 1 of How to Approach DPAs in view of Final CCPA Regs: A Series

This is the first in our series of blog posts on top considerations for approaching data processing terms required under the state privacy laws that have, or will, come into effect this year, namely the California Consumer Privacy Act, as

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

This blog post is a bonus supplement to our quarterly Artificial Intelligence and Biometric Privacy Quarterly Review Newsletter. Be on the lookout for our Q3 Newsletter!

We are quickly approaching the Jan. 1, 2023 operative date of most of the provisions of the California Privacy Rights Act (“CPRA), which, as most of us know by now, substantially amends the CCPA. Under the CPRA, the California Privacy Protection Agency (“CPPA” or “Agency”) has a mandate to issue regulations on a number of specific topics. With just fewer than three months to go until January 1, regulations are not even close to being finalized.  The Agency released the first draft of proposed regulations on May 24, and the first public comment period ended on August 23. In a meeting held by the CPPA on Friday, September 23, the Agency gave no concrete sense of timing or any comments on topics, such as those discussed in this post, for which regulations have not even been issued. This has left many businesses feeling left in the lurch, uncertain of what to do.
Continue Reading Profiling and Automated Decision-Making: How to Prepare in the Absence of Draft CPRA Regulations

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor

We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference

CPW’s David Oberly

In the absence of any progress at the federal level, states have taken matters into their own hands with the introduction of proposed consumer privacy legislation geared toward placing greater protections over consumers’ sensitive personal data. 2021 was a busy year for state legislatures, with both Virginia and Colorado enacting new consumer privacy statutes of their own. 2022 brought more of the same, with Utah and Connecticut adding their names to the growing list of states that now have laws on the books granting consumers extensive rights regarding the collection and use of their personal data while at the same time imposing wide-ranging obligations on companies that handle that same data.

Continue Reading CPW’s David Oberly Examines Recent Major Changes to Consumer Privacy Legal Landscape in Latest Issue of the Cincinnati Bar Association’s CBA Report Magazine