What will the CPRA passing mean to anyone doing business with Californians?

With the California Privacy Rights Act (CPRA) passage (aka Prop 24), the CCPA, already strict in its interpretation of PII, expands consumer rights and places new requirements on businesses. A few loopholes close, definitions gain clarity – and it becomes even more imperative to educate and notify consumers on data use, personalization, and so forth. …

What’s the California Assembly’s Course Correction mean to CCPA?

Well, remember the issues around what the “HIPAA exemption” in the California Consumer Privacy Act (CCPA) really applied to? We wrote about it here all the way back in May 2019. Turns out our impression was correct – so correct that California just passed a law to correct it! Here’s the skinny: On September 5, …

How the SHIELD Act Expands Legal Reach on Breaches

Interested in some (thankfully) non-pandemic related news? New York State’s SHIELD Act is in effect as of March 21, 2020. The SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) takes several actions, including: broadening the definition of “Private Information”, expanding the definition of breach, and expanding the reach of the law to include …

What does the CCPA have to do with Policies & Procedures?

Compliance with CCPA is entwined with how you do business. Your business operations (the “how and what”) directly link to company policy, controls, processes: policies and procedures. You could say that the CCPA has everything to do with policies and procedures. Which is why you need to update yours – yesterday. Not convinced? Let’s go …

The CCPA and the Iffy Territory of the “HIPAA exemption”

A brief recap: The California Consumer Privacy Act (CCPA) aims to give California consumers greater control over their personal information by imposing certain obligations on entities covered by the law. The CCPA takes effect January 1, 2020. And as we said in an earlier blog article, you don’t have to be a California-based business to …

Who needs to comply with the CCPA? Hint: Not only California.

The first thing to realize about California Consumer Privacy Act (CCPA) compliance is that you don’t have to be a California-based business to be affected. As of 2018, California was the world’s 5th largest economy. You’re better off asking yourself what the chances are that you’re not subject to the CCPA. US-based or global, you …

How can your Third Party Vendor help or hurt your SOC 2 status?

Are you tracking the moving target of your third party vendors’ privacy and security practices? You may want to get on that. If you’re one of the many organizations about to tackle the SOC 2 assessment process, familiarize yourself with the AICPA’s 2017 Trust Service Criteria document (formerly Trust Service Principles). You’ll quickly notice the …

Data Privacy & Security: 2018 Reflections & the Year Ahead

It’s been a tumultuous 2018 for data privacy and information security. New regulations here and abroad show that data privacy will continue to be a hot topic as we move into 2019. We’re seeing the OCR’s investigations and penalties aren’t limited to large entities or to large breaches. Expect that will continue. Over 60 organizations …

Policy Controls: Why The Whole World Wants You to Write Policies

As a follow-up to Chris’s 2018 Privacy & Security Forum update, I’ll focus on policy controls, because the entire world has lasered in on policies thanks to the GDPR effect. But first, a tip of the hat to Professor Solove and Professor Schwartz for their role in designing and running this conference. It was substantial, …