Businesses nationwide finally have clarity on their compliance obligations under the California Consumer Privacy Act (CCPA), as the landmark privacy law’s implementing regulations were finalized in August after a few last changes worth noting, and the Governor just signed two important CCPA amendments. With enforcement underway, business leaders should continue to focus on compliance — while also monitoring the progress of the California Privacy Rights and Enforcement Act, a 2020 ballot initiative that could soon become the next sweeping privacy law.
For the full alert, visit the Faegre Drinker website.
On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged failures to adequately respond to cyberattacks that impacted approximately 300,000 customers. The proposed settlement—which still must be approved by the court—requires Dunkin to, among other things, notify customers impacted by the attacks, maintain specific cybersecurity procedures to prevent future cyberattacks, and pay $650,000 in penalties.
California’s Attorney General recently released revised draft regulations for the California Consumer Privacy Act (CCPA). Comments to the revisions are currently accepted through February 25, 2020.
Read the update to see the changes, with key additions and deletions highlighted.
The Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Notice seeking comments on a proposed federal consumer data privacy approach. In a parallel effort, the Commerce Department’s National Institute of Standards and Technology is developing a voluntary privacy framework to help organizations manage risk.