Starting in 2023, several new privacy laws go into effect in California, Virginia, Colorado, Connecticut, and Utah. These laws apply not only to businesses based in those states but to any business that meets certain thresholds and collects, stores, or processes personal information from any residents in those states. Penalties for non-compliance with these laws can be steep.
Olshan Intellectual Property/Brand Management and Protection partner Mary Grieco was quoted in a recent Law360 article (subscription required) entitled “Apple’s App Tracking Shift Seizes On ‘Spirit’ Of Privacy Laws.”
Following the lead of California, Virginia is set to become the second U.S. state to enact comprehensive consumer privacy legislation. Virginia Governor Ralph Northam is expected to sign the Consumer Data Protection Act (“CDPA”) into law, which will go into effect on January 1, 2023. As it may take businesses some time to make sure they are in compliance by the January 1, 2023 effective date, it is recommended that businesses review their current privacy practices and make any necessary changes.
While much attention has been focused on the new sweeping California privacy law, the California Consumer Privacy Act (CCPA), other laws governing the handling and protection of personal data by businesses have been passed without nearly as much fanfare. One such law is the New York Stop Hacks and Improve Electronic Security Data Act, also known as the SHIELD Act. Although not nearly as broad as the CCPA, the SHIELD Act may affect any person or business that collects, uses, and/or stores “private information” from a New York resident. Under the SHIELD Act, any such person or business must implement adequate security measures, set forth in the Act, to protect “private information” of New York residents. The Act also outlines the steps that must be taken by a business to notify affected individuals of any security breach in which “private information” was or is reasonably believed to have been compromised.
As many businesses may be aware by now, California recently enacted sweeping new laws governing the collection, use and management of personal information. The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 has many businesses struggling to understand the application of the law and exactly what a business needs to do to comply. In an effort to clarify some aspects of the law, California issued draft regulations in October 2019 that provided some guidance to businesses, and those draft regulations continue to be revised as late as March 11, 2020. While still not finalized, the revised CCPA draft regulations offer some clarification, and open up more questions, on certain issues.
Happy holidays! As we enter a new year, Olshan’s Advertising & Branding groups share their list of current hot topics in advertising law. In no particular order (drum roll please), here is our top 10 list:
California’s onerous privacy regulations will soon be in effect. Unless exempted, businesses that collect personal data from residents of California need to make sure they are in compliance with the California Consumer Privacy Act, California Civil Code §§1798.100-1798.199 (“CCPA”) by January 1, 2020. If you have not yet done so, we urge you to take appropriate steps now to avoid potential liability for failure to comply with this new law.
Andrew Lustigman, head of Olshan’s Advertising, Marketing & Promotions Practice Group, was quoted in a Law360 (subscription required) article titled "Kids' Data Again In spotlight as FTC Revisits Privacy Rule"
Intellectual Property partner Mary Grieco was quoted in a recent Law360 article (subscription required) on the prevalence of recent federal and state laws, like California’s Consumer Privacy Act and a U.S. Senate proposal to create a national “Do Not Track” registry, designed to increase the public’s control over the use and sale of its personal information.
On May 20, 2019, Senator Josh Hawley, the Junior Senator from Missouri, announced that he will introduce the Do Not Track Act to aid consumers in controlling their personal data. The Do Not Track Act is similar to the national “Do Not Call” list, which gives individuals the power to block online companies from collecting data beyond what is necessary for their online services.
As we have previously reported, California’s Consumer Privacy Act (the “CCPA”) was passed in 2018 and goes into effect in January 2020, which provides broad protections for consumers in their ability to control the use of their personal data. You can see our prior article here. On February 25, 2019, California Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced SB 561, legislation intended to strengthen and clarify the CCPA. The Attorney General’s press release can be viewed here. Senator Jackson has stated that the bill is designed to ensure that “the most significant privacy protections in the nation are robustly enforced”.
Following the enactment of the European Union’s General Data Protection Regulation (“GDPR”), which went into effect on May 25, 2018, California has signed the California Consumer Privacy Act of 2018 (CCPA) into law, which will become operative on January 1, 2020. While companies who are now GDPR compliant will be in a better position to become compliant for CCPA purposes, there are still steps that even GDRP-compliant companies will need to take to become CCPA compliant. The full text of the CCPA can be viewed here.