Join Kelley Drye this week for:

Privacy Priorities for 2022: Legal and Tech Developments to Track and Tackle
Wednesday, January 26 at 4:00pm ET/ 1:00pm PT

Privacy compliance is a daunting task, particularly when the legal and tech landscape keeps shifting. Many companies are still updating their privacy compliance programs to address CCPA requirements, FTC

As we’ve all been following in the news, the House reconciliation bill to fund “human infrastructure” is still mired in negotiations, ever on the verge of either passing to monumental fanfare, or cratering in failure. Tucked away on page 671 of the 1684-page bill is a short provision that, despite scant attention, has the potential

Privacy Compliance Tech-Tools and StrategiesWith AdTech (tracking individuals and their online or in app behaviors to build a profile of them to better serve and more effectively target them) and MarTech (strategies and technologies to generate demand, attention, and sales for a product) now the most celebrated or perhaps infamous areas in privacy today, being a privacy lawyer has

Ad Law Access PodcastMany states are considering comprehensive privacy legislation in the absence of a federal law. On another much anticipated episode of the Ad Law Access podcast, Alysa Hutnik and Aaron Burstein discuss pending state privacy legislation, how we got here, and some expected future legislation. Find the episode here or wherever you get your podcasts

California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021. The revisions went into effect upon approval. In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes: (1) Notice for Sale of PI Collected Offline: Businesses that sell personal information collected offline must provide an offline notice by means such as providing paper copies or posting signs in a store, or giving an oral notice if collecting personal information over the phone. (2) Opt-Out Icon: The revised regulations provide that businesses may use an opt-out icon in addition to, but not in lieu of, notice of a right to opt out or a “Do Not Sell My Personal Information” link. (3) Do Not Sell Requests: A “Do Not Sell” request must “be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” The change prohibits businesses from using any method that is designed to or would have the effect of preventing a consumer from opting out. The revised regulation offers examples of prohibited opt-out practices, which include requiring a consumer to: (A) complete more steps to opt out than to re-opt in after a consumer had previously opted out; (B) provide personal information that is not necessary to implement the opt-out request; and (C) read through a list of reasons why he or she shouldn’t opt out before confirming the request. (4) Consumer Requests from Authorized Agents: A business may now require an authorized agent who submits a request to know or delete to provide proof that the consumer gave the agent signed permission to submit a request. The regulations also preserve the options business previously had of requiring the consumer to verify their identity directly to the business or directly confirming that they provided the authorized agent permission to submit the request. (5) Children’s Information: The addition of the word “or” in section 999.332 requires businesses that sell personal information of children under the age of 13 “and/or” between the ages of 13 and 15 to describe in their privacy policies how to make an opt-in to sale requests. We will continue to monitor closely further developments in CCPA regulations.California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021.  The revisions went into effect upon approval.  In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes:

(1) Notice for Sale of

On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.

With the VCDPA on the books, companies have the next 22 months to prepare for the VCDPA and the California Privacy Rights Act (CPRA) to go into effect.  This

Earlier this month, New York’s governor, Andrew Cuomo, signed a bill[1] that makes significant amendments to New York’s Civil Rights Law, which codifies rights of publicity and privacy in the State. In addition to adding a long anticipated post-mortem right of publicity, the bill also prohibits unauthorized use of digital replicas of deceased celebrities and

The replay for our October 13, 2020 Futureproofing Privacy Programs webinar is available here.

Building a successful privacy program requires much more than compliance with data protection laws. To thrive in today’s global, data-driven environment, companies also need to understand the political environment and public attitudes surrounding privacy in the countries in which they

The replay for our July 30, 2020 California Consumer Privacy Act (CCPA) for Procrastinators: What You Need To Do Now If You Haven’t Done Anything Yet webinar is available here.

The coronavirus pandemic has put many things on hold, but CCPA enforcement is not one of them. The California Attorney General’s enforcement authority kicked

On July 22, the New York Department of Financial Services (DFS) announced the first enforcement action under its new Cybersecurity Regulation, which requires that businesses registered or licensed by DFS comply with a number of robust cybersecurity requirements. The action involves First American Title Insurance Company and, according to the Statement of Charges and Notice