We are pleased to invite you to the next webinar in our Internet of Things series, focusing on the impact of the following California (and other) laws on IoT offerings: California Consumer Privacy Act (CCPA) The new California Privacy Rights and Enforcement Act (CPRA) The California IoT security bill California and other privacy laws have a significant impact on consumer applications and devices for home-based use. Through representative use cases in the following areas, attorneys in our top-rated Hogan Lovells Privacy and Cybersecurity practice will discuss strategies for building and
Join Hogan Lovells and Ankura to learn about the impact of the GDPR and CCPA on cookies and similar AdTech tracking technologies. James Denvil from Hogan Lovells’ Privacy and Cybersecurity practice by senior directors from Ankura to share best practices and their perspectives. Program topics will include: Cookies and Similar Tracking Technologies Defined How cookies and similar tracking technologies support and enhance digital services, including advertising Types of cookies (are your cookies strictly necessary or for marketing purposes?) Ways in which consumers’ digital activities are shared throughout the digital advertising
Please join us for our October Events. October 15 Privacy + Security Forum Bret Cohen is a speaker on the panel “The Notice Trap: When and How to ‘Inform,’ Provide ‘Explicit Notice,’ and ‘Disclose’ Under the CCPA” at the Privacy + Security Academy’s Privacy + Security Forum. Location: Washington, D.C. October 15 Privacy + Security Forum Pete Marta is a speaker on the panel, “Best Practices for Preparing a Ransomware-Related Cyber Incident Response Plan,” at the Privacy + Security Academy’s Privacy + Security Forum. Location: Washington, D.C. October 15 Privacy + Security Forum Tim Tobin is a speaker on the
Please join us for our September events. September 11 Data and Privacy in the Autonomous Car Tim Tobin will speak on the webinar, “Data and Privacy in the Autonomous Car, What New Questions Might We Face?” presented by the Privacy + Security Forum. To register, please click here. Location: Webinar September 13 Medical Technology Executive Forum Paul Otto will speak on cybersecurity & patient safety at the Medical Device Manufacturers Association’s 12th Annual Medical Technology Executive Forum. Location: Palo Alto, California September 16 Association of Independent Research Institutes Annual Meeting Melissa
We have extensively covered the California Consumer Privacy Act, the first U.S. law comprehensively regulating the collection, use, and disclosure of general consumers’ personal information in the U.S. This important legislation poses significant compliance challenges for organizations that engage with residents of California, the world’s fifth largest economy. On June 19, 2019, Hogan Lovells partners Mark Brennan and Bret Cohen discussed in great detail the impact of the law, explained key definitions, and offered practical guidance on how to navigate it during the webinar, “Operationalizing the California Consumer Privacy Act.” More
Nevada has a new privacy law. On May 29, Nevada Governor Steve Sisolak signed Senate Bill 220 (SB-220) into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. The act, which amends an existing online privacy notice law, is significantly narrower than the California Consumer Privacy Act (CCPA). It applies only to online activities, defines “consumer” and “sale” in a much more limited manner than the CCPA, and includes broad exceptions for financial institutions subject
A number of legislative proposals seeking to amend the California Consumer Privacy Act (CCPA) are moving forward following an April 23 hearing before the California Assembly’s Committee on Privacy and Consumer Protection in which the bills were approved. The bills will now advance to the Assembly’s Appropriations Committee before being voted on by the full Assembly and potentially advancing to the California Senate for consideration.
The California legislature is considering significant amendments to the California Consumer Privacy Act (CCPA) ahead of the law’s January 1, 2020 implementation date. Of particular note has been the potential for CCPA amendments to expand the private right of action beyond violations of businesses’ duty to implement and maintain reasonable security procedures to instead cover violations of any CCPA right. Recent developments in the California Assembly and Senate may preview whether California businesses and consumers should expect an expanded private right of action: On April 10, The CCPA amendments bill
In June of 2018, California passed the California Consumer Privacy Act (CCPA), which seeks to give consumers additional safeguards regarding their personal information. The CCPA will become effective January of 2020 and may impact companies in the education sector, including the larger education technology companies. While the CCPA does not apply to nonprofit educational institutions, it may apply to certain for-profit educational institutions, third-party service providers, and others in the education space. If an educational entity meets the threshold requirements below or it processes information on behalf of such an
The California Department of Justice has announced a March 8, 2019 deadline for submitting written pre-rulemaking comments on the California Consumer Privacy Act (CCPA). The March 8 deadline is an extension from the previously set end-of-February deadline. Pursuant to section 1798.185(a) of the CCPA, the California Attorney General (AG) is obligated to solicit broad public participation and adopt regulations to further the purposes of the CCPA. The CCPA sets out seven specific areas for AG rulemaking: Updating as needed the categories of personal information expressly enumerated in the definition of
This is the seventh installment in Hogan Lovells’ series on the California Consumer Privacy Act. The application of the California Consumer Protection Act of 2018 (“CCPA”) to employee data has been the subject of much debate since the first version of the bill was introduced on June 21, 2018 (just days prior to its enactment on June 28). Under a plain language reading of the CCPA, the law likely applies to employee data. However, it is unclear whether the California legislature intended that result. There is no clarity to be
This is the sixth installment in Hogan Lovells’ series on the California Consumer Privacy Act. The California Consumer Privacy Act of 2018 (CCPA) adds another set of privacy requirements for health and life sciences companies. Managing the interaction of these new requirements with existing obligations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), California’s Confidentiality of Medical Information Act (CMIA), and other health privacy laws will continue to be an area of focus in the health privacy community for years to come. We describe below these issues
This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR). At first glance, it is clear that the drafters of the CCPA (and the ballot measure that spurred its passage) drew inspiration from the GDPR. However, the CCPA is not a carbon copy of the GDPR, and a GDPR compliance program
Please join us for our October 2018 Privacy and Cybersecurity Events. October 3 Data Privacy on Steroids Harriet Pearson will speak on a panel at the Minority Corporate Counsel Association Conference. It is entitled “Data Privacy on Steroids: Sweeping New Data Privacy/Security Regulation in the EU and California, and What it Means for American Business.” Location: New York City
This is the fourth installment in Hogan Lovells’ series on the California Consumer Privacy Act This post discusses litigation exposure that businesses collecting personal information about California consumers should consider in the wake of the California Legislature’s passage of the California Consumer Privacy Act of 2018 (CCPA). For several years, the plaintiffs’ bar increasingly has relied on statutes like the Confidentiality of Medical Information Act, Cal. Civ. Code § 56 et seq., and the Customer Records Act, Cal. Civ. Code § 1798.81, et seq., to support individual and classwide actions
This is the third installment in Hogan Lovells’ series on the California Consumer Privacy Act. What personal information do you have about California consumers and households? The California Consumer Privacy Act of 2018 (“CCPA”) provides a series of new compliance obligations and operational challenges for companies doing business in California. A vital first step for any company subject to the CCPA and looking to forge a practical path forward is to inventory the personal information (“PI”) that the company collects, stores, and shares with others. As part of our ongoing
This is the second installment in Hogan Lovells’ series on the California Consumer Privacy Act. Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. Legislative history can speak volumes about those word choices, and the unique legislative history of the California Consumer Privacy Act of 2018 (CCPA) only highlights the importance of understanding the terms used in the act.
Groundbreaking. Watershed. Unprecedented. We have heard the California Consumer Privacy Act of 2018 (CCPA) called all these things and more since its enactment on June 28, 2018. Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world’s fifth-largest economy. We will explore the ramifications for businesses of this seminal legislation in this multi-part series, The Challenge Ahead, authored by members of Hogan Lovells’ CCPA team. Each post will provide analysis of key legal issues implicated by the CCPA along with practical takeaways.
Thank you to everyone who participated in last week’s webinar “California Consumer Privacy Act: What you need to know now.” In this complimentary webinar, Hogan Lovells partners Mark Brennan, Bret Cohen, Harriet Pearson, and Tim Tobin, discussed: • What triggered the new law? • What data is covered? • What does CCPA require, and how do you start operationalizing the requirements? • Disclosure requirements • Opt-out and opt-in requirements • Data access, portability, and “right to delete” requirements • What’s the impact on your GDPR compliance program-what additional steps do
On June 28, 2018, California’s governor signed Assembly Bill 375, a ground-breaking new data privacy law that some are calling the United States’ answer to the European Union’s General Data Protection Regulation (GDPR). Particularly in light of California’s status as the world’s 5th largest economy, many are wondering how the new California Consumer Privacy Act (CCPA) will affect them. Please join members of the Hogan Lovells global privacy team to arm yourself first-hand with insights about: What triggered the new law? What data is covered? What does the CCPA require,
California continues to be a first mover in privacy in the United States, enacting the US’s toughest and most comprehensive privacy legislation on Thursday, June 28, 2018. Unlike existing state and federal privacy legislation that has generally focused on specific sectors or privacy issues, the California Consumer Privacy Act of 2018 (AB 375), applies broadly to businesses that collect personal information about California consumers and aims to create significant new consumer privacy rights. In doing so, it creates significant new obligations for businesses. The new law was a fast-tracked effort