Posts

Showing posts with the label California Consumer Privacy Act

States Continue Privacy Law Enforcement Efforts

Recent enforcement activities in California and Connecticut highlight that states are ready and willing to actively enforce their comprehensive privacy laws . These recent actions – which continue the trend of  states ramping up privacy enforcement activity  – make clear that regulators are taking compliance with state comprehensive privacy laws seriously. Below we highlight two recent enforcement actions and flag key takeaways for companies, including the importance of (i) building a compliance strategy that emphasizes clear communication with consumers; (ii) being responsive to regulatory inquiries; and (iii) providing clear and operative opt-out mechanisms. California On July 1, the California Attorney General (AG)  announced  a settlement with website publisher Healthline Media LLC. The settlement is based on the California Department of Justice’s allegations related to the use of sensitive data for targeted advertising purposes; specifically, the AG alleged that...

Healthline to Pay $1.55M for Alleged CCPA Violations: Key Lessons for Businesses from Largest Settlement Yet

Healthline Media has agreed to pay $1.55 million to resolve allegations that it violated the California Consumer Privacy Act (CCPA) – which is the largest settlement to date under the state’s landmark privacy law. The California Attorney General alleged that the company’s health information website, Healthline.com , failed to allow consumers to opt out of targeted advertising and shared data – including information about potential medical conditions – with third parties without proper privacy protections. The settlement, which still needs to be approved by the court, also contains a unique provision: it prohibits Healthline from sharing information with third parties about article titles consumers view that may reveal a medical diagnosis . Here's a breakdown of the allegations and settlement terms, as well as a six-step compliance plan for businesses that operate in California or collect data from California residents. Background and Allegations Healthlin...

We Get Privacy for Work: The Increasing Importance of Data Mapping

Transcript INTRO To effectively and immediately respond to cybersecurity data breaches – and remain compliant with the constant bevy of new data privacy laws – you need to know what data your organization is collecting and from whom.   On this episode of We get Privacy for work, we discuss data mapping, the most efficient way to keep track of the information your organization is collecting and storing .   Today's hosts are Damon Silver and Joe Lazzarotti, co-leaders of the firm’s Privacy, Data and Cybersecurity Group and principals, respectively, in the firm's New York City and Tampa offices.   Damon and Joe, the question on everyone’s mind today is: What is data mapping, how do I implement it and how does that impact my organization?     Damon Silver Principal, New York City  Welcome to the We get privacy podcast. I'm Damon Silver, and I'm joined by my co-host, Joe Lazzarotti. Joe and I co-lead the Privacy Data and Cybersecurity Group at Jackson Lewis. In ...

Exploring California’s Proposed AI Bill

California lawmakers have proposed new legislation to reshape the growing use of artificial intelligence (AI) in the workplace. While this bill aims to protect workers, employers have expressed concerns about how it might affect business efficiency and innovation. What Does California’s Senate Bill 7 (SB 7) Propose? SB 7, also known as the “No Robo Bosses Act,” introduces several key requirements and provisions restricting how employers use automated decision systems (ADS) powered by AI . These systems are used in making employment-related decisions, including hiring, promotions, evaluations, and terminations. The pending bill seeks to ensure that employers use these systems responsibly and that AI only assists in decision-making rather than replacing human judgment entirely. The bill is significant for its privacy, transparency, and workplace safety implications, areas that are fundamental as technology becomes more integrated into our daily work lives. Privacy and Transparency Prote...

California’s Proposed Location Privacy Act: A Potential Game-Changer for Tracking Location of Individuals

Businesses that track the geolocation of individuals—whether for fleet management, sales and promotion, logistics, risk mitigation, or other reasons—should closely monitor the progress of  California Assembly Bill 1355  (AB 1355), also known as the  California Location Privacy Act . If passed, this bill would impose significant restrictions on the collection and use of geolocation data, requiring many businesses to overhaul their location tracking policies and procedures. California has long been at the forefront of data privacy regulation, particularly in the area of location tracking.  Section 637.7  of the California Penal Code, for example, provides that no person or entity in California may use an electronic tracking device to determine the location or movement of a person. Notably the law does not apply when the registered owner, lessor, or lessee of a vehicle has consented to the use such a device with respect to that vehicle . More recently, the  Ca...

Do Dark Patterns Lurk on Your Website? 4 Steps Businesses Should Take as Regulators Focus on How Privacy Rights Are Presented on Websites

  Businesses with a website beware: California regulators just warned that the law prohibits your website from making website users jump through hoops or otherwise confusing them as they try to exercise their privacy rights, regardless of whether you intend to have that effect. If your website can be accessed by California residents, regardless of where your business is located, this news may impact your business. The California Privacy Protection Agency published its second Enforcement Advisory warning about the use of “dark patterns” – those interfaces that impair a website user’s ability to make a choice regarding the collection, use, or disclosure of their personal information – on September 4. It reflects the Agency’s focus on how privacy choices, particularly consent to use of cookies and other similar technologies on websites, are presented to consumers in compliance with the California Consumer Privacy Act (CCPA). What are the four steps you should take to ensure you comp...