In April, Rob Bonta became the new California Attorney General. In swift form, and not taking any summer break, he has made it clear that privacy and CCPA compliance is a priority, and that enforcement won’t be limited to a handful of requirements under the CCPA, as many previously believed.

First, the Attorney General posted several examples of enforcement actions, including those addressing the following issues:
Continue Reading The Summer of CCPA Enforcement

During a recent keynote presentation with the IAPP following the July 1 enforcement deadline of the CCPA, Stacey Schesser, Supervising Deputy Attorney General for the State of California (“Deputy AG”), provided a bit of a roadmap for CCPA enforcement actions from the California Attorney General (“AG”) that are both currently underway and expected in the near future.
Continue Reading CCPA Enforcement: What to Expect Next

The California Consumer Privacy Act (CCPA) goes live in six weeks. While many companies have been working on mapping their data for some time, others are just getting started. Some of the issues left open by the language of the CCPA and the proposed regulations have yet to be resolved, but there is no question

As part of our blog series, we share some of the most frequently asked questions that we receive from organizations across different industries regarding data privacy and security, and more specifically GDPR and CCPA. This is the second FAQ in our series.


Even though the California Consumer Privacy Act (“CCPA”) will be effective January 1, 2020, the time to plan for compliance is now.  It may seem as though you have plenty of time to prepare but it is a mistake to not start preparing. Indeed with the twelve-month lookback provisions, companies must have proper records of personal information that they collected as of January 1, 2019.

Under the CCPA, individuals have various new rights that must be detailed in a company’s just in time privacy notice (a new requirement under the Attorney General’s proposed regulations) and a company’s privacy policy, including the right to access their information, to request deletion of their information, to be informed of certain transfers of their information, to opt-out (if over 16) of or opt-in (if under 16) to sales of their information, and receive equal service and price even if they exercise their rights.

There are many nuanced questions to consider that may not be apparent on a cursory read of the CCPA or the proposed Attorney General regulations. Some basic common questions arise when companies first hear about the CCPA, as follows.
Continue Reading Privacy FAQ #2 – CCPA

Similar to the months before the GDPR went into effect at the end of May 2018, companies are now actively preparing for compliance with the California Consumer Privacy Act (CCPA).  As California leads the pack of states in terms of privacy and technology laws, other states have followed suit, including Nevada.

The Nevada statute (SB 220) is an amendment to Nevada’s existing law, which requires website operators to have a privacy policy with certain disclosures.
Continue Reading From the Golden State to the Silver State – Privacy Law in Nevada