Rod Ghaemmaghami

Subscribe to Rod Ghaemmaghami's Posts

Email
(310) 712-6192
Bio   LinkedIn

Contact: Read more about Rod Ghaemmaghami

If Iowa Governor Kim Reynolds signs Senate File (SF) 262, the Hawkeye State will become the sixth state to adopt a comprehensive consumer privacy law.  Iowa’s House and Senate have both passed Senate File 262 unanimously. If approved, SF 262 will go into effect January 1, 2025.

The potential addition of another state privacy law to those that are already on the books in California, Colorado, Connecticut, Utah, and Virginia is significant in its own right.  However, SF 262 doesn’t provide any novel rights for consumers or requirements on companies. Rather, it stays within the boundaries established by other state privacy laws and closely resembles the Utah Consumer Privacy Act (UCPA), with a few additional business-friendly terms.

Broad Exemptions and Limited Controller Duties. SF 262 would provide consumers a rights to confirm processing of personal data; obtain a copy of personal data; delete personal data provided by the consumer; and opt-out of the Sale of personal data and Targeted Advertising.

Continue Reading Iowa: A Sixth State Privacy Law?

With the clock now running on the comment period for the California Privacy Protection Agency’s (CPPA) Draft Regulations to implement the CPRA – comments are due on August 23 – one of the items on many businesses’ CPRA preparation to-do lists is to address new (and the expansion of existing) consumer rights. The Draft Regulations published by the CPPA lay out how the CPPA is likely to define these obligations. This post takes a deeper look at what’s in the CPPA’s proposal – as well as what’s missing.

A couple of overarching points are worth keeping in mind.  First, implementing the CPRA’s consumer rights provides an occasion to review and update data maps so that they accurately capture how personal information flows both through their organizations and to service providers, contractors, and/or third parties.  Second, preparing for CPRA consumer requests should go hand-in-hand with reviewing the systems and procedures that are in place to honor consumers’ requests.
Continue Reading Preparing for Expanded Consumer Rights Requests Under the CPRA

Among the many details to absorb in the draft amendments to the CCPA regulations published by the California Privacy Protection Agency (“CPPA”) on May 27 (the “Draft Regulations”) are new and prescriptive disclosure requirements for notices at collection and privacy policies. While these disclosure provisions (and all of the other provisions of the Draft Regulations)

The spotlights of the consumer privacy world are once again on California after the new California Privacy Protection Agency made a surprise Friday night release of its draft California Privacy Rights Act (CPRA) regulations on May 27, 2002.

In this webinar in association with Mondaq, Robert Cunningham and Rod Ghaemmaghami provided observations on the

Ad Law Access PodcastIn April, Law360 published the article “Deepfake Best Practices Amid Developing Legal Practices,” co-authored by partner John Villafranco and associate Rod Ghaemmaghami. The article provides an analysis of deepfake use cases, describes legal tools available to protect against harmful uses of the technology, and suggests some best practices for responsible use of

Deepfake technology has significantly improved over the past few years, allowing for mainstream commercial uses. Deepfake technology is the use of synthetic image, video, or audio. While there are good uses such as protecting the identities of whistleblowers or victims and bad uses such as non-consensual pornography and elder fraud, the advertising industry is already

California officials today announced their nominees to be the five inaugural members of the California Privacy Protection Agency (“CPPA”) Board.  Created by the California Privacy Rights Act (“CPRA”), the CPPA will become a powerful, state-level privacy regulator long before its enforcement authority becomes effective in 2023, and today’s appointments move the CPPA one large step

California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021. The revisions went into effect upon approval. In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes: (1) Notice for Sale of PI Collected Offline: Businesses that sell personal information collected offline must provide an offline notice by means such as providing paper copies or posting signs in a store, or giving an oral notice if collecting personal information over the phone. (2) Opt-Out Icon: The revised regulations provide that businesses may use an opt-out icon in addition to, but not in lieu of, notice of a right to opt out or a “Do Not Sell My Personal Information” link. (3) Do Not Sell Requests: A “Do Not Sell” request must “be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” The change prohibits businesses from using any method that is designed to or would have the effect of preventing a consumer from opting out. The revised regulation offers examples of prohibited opt-out practices, which include requiring a consumer to: (A) complete more steps to opt out than to re-opt in after a consumer had previously opted out; (B) provide personal information that is not necessary to implement the opt-out request; and (C) read through a list of reasons why he or she shouldn’t opt out before confirming the request. (4) Consumer Requests from Authorized Agents: A business may now require an authorized agent who submits a request to know or delete to provide proof that the consumer gave the agent signed permission to submit a request. The regulations also preserve the options business previously had of requiring the consumer to verify their identity directly to the business or directly confirming that they provided the authorized agent permission to submit the request. (5) Children’s Information: The addition of the word “or” in section 999.332 requires businesses that sell personal information of children under the age of 13 “and/or” between the ages of 13 and 15 to describe in their privacy policies how to make an opt-in to sale requests. We will continue to monitor closely further developments in CCPA regulations.California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021.  The revisions went into effect upon approval.  In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes:

(1) Notice for Sale of

On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.

With the VCDPA on the books, companies have the next 22 months to prepare for the VCDPA and the California Privacy Rights Act (CPRA) to go into effect.  This