The start of 2020 did not just bring us the effective date of the California Consumer Privacy Act (CCPA). It also lead to several state legislators introducing their own versions of potentially ground-breaking privacy and data security laws. Each law has nuances that will likely result in a compliance nightmare, particularly if all or most of the states and territories enact their own law. However, each also appears on its face to riff on either the EU’s General Data Protection Regulation (GDPR) or the CCPA.

The chart below provides a list (current as of April 14, 2020) of proposed state privacy legislation that could still be enacted this session. The purpose of the chart is to provide the broad strokes of each proposed law, show their similarities, and highlight key differences. The question is whether the GDPR and/or CCPA actually provide the most appropriate models to emulate? The CCPA is perceived and touted by many as the first and most comprehensive privacy and data security law of its kind in the US, but we can’t help but wonder: does first necessarily mean best?

States that considered but ultimately chose not to pass proposed privacy legislation in 2020 include: Florida, Maryland, Virginia, Washington, and Wisconsin.
Continue Reading What’s the Deal with the Other State Privacy Bills?

This afternoon, Governor Brown signed into law California Assembly Bill 375, the California Consumer Privacy Act of 2018. The law is unprecedented in the United States that it applies European-level compliance obligations akin to the now infamous General Data Protection Regulation (GDPR), which took effect only a month ago. How did this happen? California legislators rushed a bill through to avoid a ballot initiative proposed by Alastair Mactaggart. Mactaggart agreed to withdraw the initiative if a law was signed by the Governor by today. The law takes effect on January 1, 2020. (And if you think that’s a long time, then you did not just live through the last 18 months working on GDPR preparedness.)   What does AB 375 mean for organizations doing business in California? It includes new disclosure requirements, consumer rights, training obligations, and potential penalties for noncompliance, among other things.

Below are some of the key provisions:


Continue Reading California, Privacy, and the New Normal – CA AB 375 Signed Into Law