As if businesses did not already have enough to address with the COVID-19 pandemic and compliance with the California Consumer Privacy Act (the “CCPA”), businesses need to consider the California Privacy Rights Act (the “CPRA”), which will almost certainly be on the November ballot. Structured as an amendment to the CCPA and also known as

As cities and states gradually open up, companies have begun to assess under what circumstances they can re-open the workplace – and in particular, what health-related personal information can and should be collected. When it comes to monitoring employees, generally speaking, privacy and employment law are increasingly overlapping as more stringent laws are adopted, and COVID-19 has brought this overlap to the forefront. Our employment team at Hopkins & Carley has provided a number of resources and webinars on the employment-related issues of COVID-19 and what can and cannot be done (available here). Here we will focus on the intertwined privacy implications of allowing individuals – employees and non-employees – back into offices and facilities, particularly with respect to the California Consumer Privacy Act (CCPA).

What are the CCPA’s notice requirements?
Continue Reading Returning to Work: CCPA Considerations

The California Consumer Privacy Act (CCPA) goes live in six weeks. While many companies have been working on mapping their data for some time, others are just getting started. Some of the issues left open by the language of the CCPA and the proposed regulations have yet to be resolved, but there is no question

As part of our blog series, we share some of the most frequently asked questions that we receive from organizations across different industries regarding data privacy and security, and more specifically GDPR and CCPA. This is the second FAQ in our series.


Even though the California Consumer Privacy Act (“CCPA”) will be effective January 1, 2020, the time to plan for compliance is now.  It may seem as though you have plenty of time to prepare but it is a mistake to not start preparing. Indeed with the twelve-month lookback provisions, companies must have proper records of personal information that they collected as of January 1, 2019.

Under the CCPA, individuals have various new rights that must be detailed in a company’s just in time privacy notice (a new requirement under the Attorney General’s proposed regulations) and a company’s privacy policy, including the right to access their information, to request deletion of their information, to be informed of certain transfers of their information, to opt-out (if over 16) of or opt-in (if under 16) to sales of their information, and receive equal service and price even if they exercise their rights.

There are many nuanced questions to consider that may not be apparent on a cursory read of the CCPA or the proposed Attorney General regulations. Some basic common questions arise when companies first hear about the CCPA, as follows.
Continue Reading Privacy FAQ #2 – CCPA

Similar to the months before the GDPR went into effect at the end of May 2018, companies are now actively preparing for compliance with the California Consumer Privacy Act (CCPA).  As California leads the pack of states in terms of privacy and technology laws, other states have followed suit, including Nevada.

The Nevada statute (SB 220) is an amendment to Nevada’s existing law, which requires website operators to have a privacy policy with certain disclosures.
Continue Reading From the Golden State to the Silver State – Privacy Law in Nevada