Privacy Law (CLE)

The current year awaits a new wave of regulations under the California Privacy Rights Act (CPRA). The new CPRA provisions emphasize the heightened protocols for sensitive personal information, data collection, and data protection requirements.

The California Privacy Rights Act (CPRA), which will take effect on January 1, 2023, is set to amend the California Consumer Privacy Act (CCPA) and impose stricter data protection requirements for both consumer and human resources data.

Intended to enhance consumer privacy rights and data use transparency, the California Consumer Privacy Act (CCPA) of 2018 is regarded as the most comprehensive privacy law in the U.S. The Act, which went into effect on January 1, 2020, imposes stringent privacy requirements with significant impacts on many entities that do business with California residents.

The current COVID-19 pandemic has created unprecedented challenges for health care providers and their business associates. This public health emergency has changed the way health care providers operate and deliver health care, including the increasing reliance on telehealth. Privacy officers for covered entities and their business associates need to keep abreast of notices and guidances issued by Department of Health and Human Services regarding compliance with Health Insurance Portability and Accountability Act (HIPAA) during this public health emergency.

The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, is the newest statute intended to improve the data use transparency and privacy rights within the state. One of its significant prohibitions is the selling and disclosure of California residents’ personal information, particularly of children under 16 years old. Businesses and individuals who fail to comply with and violate these prohibitions are further confronted with increased liability under the Children’s Online Privacy Protection Act (COPPA), a federal law that restricts the collection and use of personal information of children under the age of 13.

Several regulatory developments that further reshape the future of the California Consumer Privacy Act (CCPA) have taken place over the last few months. Last August, California's Office of Administrative Law (OAL) has approved the enforcement regulations under CCPA, whereas the state's legislature has passed AB 1281, a bill that extends the CCPA compliance deadline for business-to-business (B2B) and employee data. Furthermore, in November 2020, Californians voted to approve the California Privacy Rights Act (CPRA) which significantly expands and strengthens the CCPA through a new set of consumer privacy rights.

The increasing use of biometrics across industries has provided security improvements and better access control in the way companies do their businesses today. With its various advantages, the market for biometric technologies has also grown rapidly, redefining the norm of human authentication and identification.

The California Privacy Rights Act (CPRA) which refines and expands existing privacy regulations under the California Consumer Privacy Act (CCPA) is now coming on-stream. With the developments and regulatory updates the CPRA is currently posing, organizations are now moving to strengthen their data protection practices and starting to adapt to the anticipated changes.

The California Consumer Privacy Act (CCPA) significantly reshaped privacy laws, creating a profound impact on California-based companies and consumers. Since its enactment, businesses have been faced with increased challenges and compliance hurdles and its effect will be further felt as revisions to the existing regulations are still possible.

Over the years, cyber incidents have become more and more rampant. Companies encounter various risks and challenges daily, that avoiding such attacks does not anymore suffice as a countermeasure. Companies must, therefore, develop a comprehensive cyber incident response and recovery plan that will efficiently protect them from risks, costs, and damages.