As if businesses did not already have enough to address with the COVID-19 pandemic and compliance with the California Consumer Privacy Act (the “CCPA”), businesses need to consider the California Privacy Rights Act (the “CPRA”), which will almost certainly be on the November ballot. Structured as an amendment to the CCPA and also known as

As cities and states gradually open up, companies have begun to assess under what circumstances they can re-open the workplace – and in particular, what health-related personal information can and should be collected. When it comes to monitoring employees, generally speaking, privacy and employment law are increasingly overlapping as more stringent laws are adopted, and COVID-19 has brought this overlap to the forefront. Our employment team at Hopkins & Carley has provided a number of resources and webinars on the employment-related issues of COVID-19 and what can and cannot be done (available here). Here we will focus on the intertwined privacy implications of allowing individuals – employees and non-employees – back into offices and facilities, particularly with respect to the California Consumer Privacy Act (CCPA).

What are the CCPA’s notice requirements?
Continue Reading Returning to Work: CCPA Considerations

I recently co-wrote the following client alert with one of my colleagues, Monique Jewett-Brewster. Monique advises creditors, commercial landlords and tenants, and asset purchasers in business bankruptcies and in all other aspects of insolvency law.


As we move closer to a global recession caused by the current pandemic, some companies will find themselves in the unfortunate position of having to seek bankruptcy relief. This may have some important and often overlooked privacy implications. There is no question that in this day and age, one of a business’ most valuable assets is the personal information that it has collected from its customers and/or end-users – often more so than any of its tangible assets. Increasingly, as business shifts online, this is true not only of technology companies but also of “brick and mortar” companies.

However, when a business becomes a debtor, the sale of personal information can be problematic. Section 363(b) of the US Bankruptcy Code provides that a debtor that has a privacy notice prohibiting the transfer of personally identifiable information (“personal information”) may not use, sell or lease such information other than in the ordinary course of business unless (1) the use, sale or lease is consistent with the terms of the privacy notice or (2) after the appointment of a consumer privacy ombudsman (“CPO”) the court finds, after giving due consideration to the facts, circumstances, and conditions, that the sale or lease would not violate applicable non-bankruptcy law. These restrictions only apply if the debtor disclosed to its customers a privacy notice prohibiting the transfer of personal information to persons not affiliated with the debtor and the policy was in effect on the date of the bankruptcy filing.
Continue Reading Privacy Issues in Bankruptcy Sales