Greetings from Portsmouth, New Hampshire!
Here at the IAPP, we are wrapping up a short week as we had Monday off to commemorate Columbus Day — or Indigenous People’s Day, depending on where you live in the U.S. I love long weekends but always anticipate the first couple of days back will be hectic and filled with breaking news of some sort.
This week did not disappoint. We returned from the break to the anticipated news that Gov. Gavin Newson, D-Calif., signed seven California Consumer Privacy Act amendments into law, privacy professionals were still abuzz about the CCPA draft regulations California Attorney General Xavier Becerra dropped last Thursday, there were more calls for a federal privacy law and, coincidentally, another federal privacy bill was introduced.
Newsom signed the bills late last Friday afternoon, and they include some changes to the language originally included in the amendments, such as changes to the definition of personal information, clarifications on private right of action and the creation of a data broker registry.
The signing came on the heels of the release CCPA draft regs, which caused some consternation among privacy pros. As my colleague Angelique Carson wrote for The Privacy Advisor, “The regulations are important and have been eagerly anticipated because they've largely been heralded as the answers to companies' burning questions about some of the law's ambiguities.” She spoke with Frankfurt Kurnit Klein & Selz's Tanya Forsheit, who said that while some of the regulation’s provisions help clarify “allowances for organizations dealing with subject-access requests to vet and, if necessary, deny requests for data deletion or receiving a copy of a subject's data if it is not possible to verify someone's identification,” the regulations do not contain enough information for businesses to help consumers.
While privacy professionals are grappling with the draft regs and companies are prepping for the CCPA to go into effect, Sen. Ron Wyden, D-Ore., introduced the “Mind Your Own Business Act,” an update to Wyden’s Consumer Data Protection Act proposed in 2018. This updated version “would bring meaningful punishments for companies that violate people's data privacy, including larger fines and potential jail time for CEOs.” Under the proposed bill, state attorneys general would have the power to enforce data privacy regulations and allow privacy advocacy groups to sue companies on behalf of individuals affected by data violations. The bill would also give the Federal Trade Commission authority to fine companies up to 4% of annual revenues for violating the law.
To help you keep track of the status for all the CCPA amendments and the number of state laws throughout the U.S., IAPP Westin Fellow Naniette Coleman has updated our “CCPA Amendment Tracker” and the “US State Comprehensive Privacy Law Comparison” table. And, in case you missed it, Senior Westin Fellow Müge Fazlioglu has been following federal U.S. privacy legislation in this IAPP white paper.
Have a good weekend!
If you want to comment on this post, you need to login.