Recently signed into law by California Governor Gavin Newsom on September 15, 2022, the California Age-Appropriate Design Code Act (“AADC”) changes the playing field for certain businesses that provide online services, products, or features accessible to children under the age of 18. Although California models its new law after the Children’s Code passed by the UK, the AADC is first state law of its kind in the US.… More
Tag Archives: California
Federalism Rankles National Privacy Debate: California Weighs in on the proposed American Data Protection and Privacy Act
As states have continued to debate and pass new comprehensive privacy statutes – such as those in Virginia and Colorado – a common refrain from business leaders is the need for a comprehensive federal privacy statute that will lessen the need to comply with a patchwork of state laws. Indeed, the absence of serious privacy protections at the federal level – something akin to PIPEDA in Canada or the GDPR in Europe – has long spurred states to act as online data gathering and brokering has grown and advanced well beyond what most extant federal law contemplates. … More
CCPA: The (Qualified) Right to Deletion
The California Consumer Privacy Act (“CCPA”) is expected to become operative on January 1, 2020 and will usher in a new era of data privacy for consumers across the United States. The CCPA establishes various rights for individuals, most notably the right to know about the collection, sale, and disclosure of their personal information, the right to opt-out of the sale of their personal information, and – the subject of today’s post – a limited right to request that their personal information be deleted.… More
Can Law Enforcement Force You To Use Your Finger to Unlock Your Phone?
Can a fingerprint alone provide “testimony” about a person? Earlier this month, a federal court in California said yes. But the court was not engaging in a highly-localized form of palm-reading; rather, the question arose in the ever-evolving field of how to balance law enforcement needs and individual citizens’ privacy interests as new technologies emerge.
The United States District Court for the Northern District of California has been a hotspot for privacy-related litigation,… More
Senator Warner’s White Paper Gives Congress Options for Regulating Social Media and Technology Companies
Senator Mark Warner of Virginia has released a white paper outlining policy proposals for regulating social media and technology companies. The paper has gained significance in recent weeks as pressure builds on Congress to pass federal data privacy legislation. In the wake of Europe’s GDPR and California’s Consumer Privacy Act, industry groups, tech companies, and privacy activists alike have urged Congress to act.… More
California Passes New Data Privacy Law With National Implications
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of.
1. Effective date
The law is slated to go into effect on January 1, 2020. However, the California State Legislature has the option of offering amendments to alter the law between now and its effective date,… More
States Continue to Upgrade Data Privacy Laws – A Look at North Carolina
A recent Security Breach Report published by the North Carolina Attorney General’s Office provides a snapshot of the various data security threats currently riling the state’s public and private sectors. Since 2006, the year North Carolina businesses and government entities became statutorily obligated to report breaches to the Attorney General’s Office, reported data breaches have skyrocketed from 86 to over one thousand. In turn,… More
In Riley v. California, Supreme Court Rules Police Must Obtain Warrant before Searching Cell Phones
In a unanimous decision issued today, the Supreme Court ruled that police cannot search the cell phones of arrested individuals without a warrant. In reaching its decision, the Court recognized that there is an immense amount of personal information on smart phones and held that access to that information would constitute a significant invasion of individual privacy. With the relatively recent invention of cell phones and the sudden pervasiveness of smart phones in the United States,… More
Health Net Announces Second Major Breach in Two Years; Creates Potential for Largest Ever Penalty
On March 14, the California-based managed care organization, Health Net, Inc., announced that it cannot account for "several server drives" that contained protected health information. According to California regulators, these servers appear to contain the data of 1.9 million people nationwide:
The company announced today that nine of its server drives containing personal information for 1.9 million current and past enrollees nationwide are missing, including records for more than 622,000 enrollees in Health Net products regulated by the DMHC,… More
California Department of Public Health Issues Privacy Breach Fines to 8 Health Care Facilities
On November 19, the California Department of Public Health (CDPH) announced that eight health care facilities (mostly hospitals) have been assessed administrative penalties and fines totaling $792,500 after a determination that the facilities failed to prevent unauthorized access to confidential patient medical information.
The fines ranged from a low of $5,000 to a high of $250,000:
- Biggs Gridley Memorial Hospital, Gridley, Butte County: The hospital was assessed a $5,000 fine after the facility failed to prevent unauthorized access of one patient’s medical information by two employees on three occasions.…