Facebook, LDU Mode, and the CCPA: What Businesses Need to Know ASAP

At the beginning of July, Facebook quietly implemented a Limited Data Use (LDU) mode for their advertising products (including the PageView pixel). Under this mode—which is enabled by default for the month of July—a business customer can determine whether Facebook is restricted in how it processes user personal information when a user visits its page. Of note, if LDU mode is turned on and Facebook determines that a user is located in California (either because the business affirmatively represents this as true or Facebook’s geolocation tools believe the user to be in the state), Facebook will act like a “service provider” under the California Consumer Privacy Act (CCPA) and only use the data collected for limited purposes. That being said, Facebook provides severely restricted functionality to its business customers when LDU mode is enabled. (Read More)

Invalidation of EU-US Privacy Shield Leaves Businesses Scrambling

It is déjà vu all over again for companies that transfer personal data on European residents to the United States. This month, the European Court of Justice (ECJ) invalidated the EU-US Privacy Shield framework, leaving businesses with one less option to accomplish EU-US transfers of personal information. That being said, those interested can rest assured that not all is lost. (Read More)

CCPA Enforcement Date Fast Approaching Regardless of COVID-19

By virtue of the COVID-19 pandemic and unrest now gripping our nation, the California Consumer Privacy Act (CCPA) may not be top of mind for those doing business in the Golden State. But it should, as the privacy law’s July 1 enforcement deadline is almost upon us.

Earlier this year, several industry groups petitioned California’s Attorney General to move the deadline to January 1, 2021, in light of the coronavirus and its impact upon businesses nationwide. However, in an April press release, the Attorney General’s office refused to do so, stating that online privacy remained a priority, especially with the increases in people working remotely or homeschooling children. As such, there is no indication that enforcement of the CCPA will be delayed. (Read More)

A Mixed Bag At Best: The Attorney General's Proposed CCPA Regulations

The long wait is over. The Attorney General of California has finally issued his proposed regulations on the California Consumer Privacy Act (CCPA), and for privacy professionals, it feels like Christmas morning. The sense of anticipation in unwrapping the regs has been visceral—are they akin to that bright and shiny toy we’ve been yearning for, or more like underwear and socks from Aunt Bernice? At first blush, they’re a little bit of both.

Amendments Bring New Clarity to CCPA Scope in Advance of 2020 Deadline

In the rush to pass AB-375 (the California Consumer Privacy Act (CCPA)) before the 2018 deadline to withdraw the looming ballot initiative, it was clear that amendments would be necessary.  Mere months after its passage, SB-1121 was passed to clean up technical and grammatical errors, but the more substantial revisions were anticipated this year.  In tracking those amendments, businesses have gained clarity on their 2020 compliance obligations. (Read More)

Oh, Say Can You CCPA

Does your company collect personal information on California residents and meet ANY of the following criteria?

1. Annual gross revenue in excess of $25 million.

2. Individually, or combined with affiliates, buys, sells, or shares the personal information of 50,000 or more consumers, households, or devices.

3. Derives 50% or more of its annual revenue from the sale of consumers’ personal information.

If so, say hello to the California Consumer Privacy Act – considered to be the strictest data privacy law in the United States – which you will be subject to beginning on January 1, 2020. (Read More)

California's Consumer Privacy Act: The Public Has Spoken

Last June, the California Consumer Privacy Act – which is considered to be the strictest data privacy law in the United States – was signed into law. Among other things, the CCPA gives Californians the right to know what personal information (PI) is being collected about them, whether their PI is being sold and to whom, the right to access their PI, the right to delete PI collected from them, and the right to opt-out to the sale of their PI. (Read More)

Denial of a NotPetya-Related Claim Shakes the Cyber Insurance World

In late June 2017, a cyber worm dubbed “NotPetya" successfully locked up networks across the globe. Infected computers displayed onscreen messages demanding $300 in Bitcoin (digital ransom) in exchange for a decryption key allowing owners to regain access. The scale of the cyber attack was enormous. From the Ukraine to the U.S., banking, oil, electric, shipping and pharmaceutical operations, among many others, were impacted. One of the companies hit by the malware – food giant Mondelez International. The incident reportedly cost it upwards of $100 million to clean up. (Read More)

New Year's (Cybersecurity) Resolutions

With 2018 now in the rear view mirror, many of us approach the new year looking to reassess and focus on ways to improve ourselves. The same can be said for businesses, which could certainly benefit by bolstering their cybersecurity and data privacy practices. With that said, here are a few cybersecurity tips to focus on in 2019. (Read More)

The GDPR Comes to the Golden State

California has hopped on the General Data Protection Regulation (GDPR) bandwagon with the California Consumer Privacy Act just signed into law by Governor Jerry Brown. The new data privacy law – which was unanimously approved by the state legislature and is the strictest in the U.S. – is GDPR-like to the extent it allows consumers to control how their personal data is collected, processed and shared. (Read More)