Posts

Showing posts with the label opt-out

The CCPA and Automated Decision-Making Technologies (ADMT)

As artificial intelligence (AI), particularly generative AI, becomes increasingly woven into our professional and personal lives—from personalized travel itineraries to reviewing resumes to summarizing investigation notes and reports—questions about who or what controls our data and how it’s used are ever present. AI systems survive and thrive on information and that intersection of AI and privacy elevates the need for data protection. Recent  regulations  issued by the California Privacy Protection Agency (CPPA) under the California Consumer Privacy Act (CCPA) begin to erect those protections. Among its various provisions, the CCPA now specifically addresses automated decision-making technologies (ADMT), attempting to bring transparency and consumer rights to, among other things, push back on algorithms making significant decisions about them. As a starting point, it is important to define ADMT. Under the CCPA, it means any technology that processes personal information and ...

California Breaks New Ground With Record $1.35M Fine for Job Applicant Mistakes: 6-Step Action Plan for Employers

The California Privacy Protection Agency, the state’s main data privacy regulator, just announced its largest fine yet – a record-setting $1.35 million – against an employer that it found to have violated job applicant and consumer privacy rights . Today’s announcement marks the first-ever enforcement action involving job applicants, kicking off a new chapter when it comes to the way employers need to think about the California Consumer Privacy Act (CCPA). If you collect information from California job applicants, employees, or consumers, you will want to review our summary of this groundbreaking news and follow our six-step action plan. What Happened? The California Privacy Protection Agency (CPPA) launched its investigation against Tractor Supply, the nation’s largest rural lifestyle retailer, after it received a solitary complaint from a consumer in Placerville, CA. It is not publicly known whether this consumer was a job applicant, employee, website user, retail customer, or other...

New California Regs Will Impact Your AI and Privacy Policies: FAQs on Automated Decision-Making, Risk Assessments, and Cybersecurity Audits

California regulators unanimously approved a sweeping set of regulations on July 24 governing the use of automated decision-making technology (ADMT) and mandating risk assessments and cybersecurity audits for businesses subject to the California Consumer Privacy Act . The regulations will impose significant new obligations on businesses regarding pre-use notices, opt-out rights, annual cybersecurity audits, and detailed risk assessments. The California Privacy Protection Agency (CPPA) must now submit the regulations to the Office of Administrative Law , which has 30 working days to review them for compliance with the Administrative Procedure Act . Approval is expected. We’ll explain the new requirements for covered businesses and provide key action items to help you comply. Automated Decision-Making Technology (ADMT)   What is an ADMT? An ADMT is any technology that processes personal information and uses computation to replace or  substantially   replace human decision m...

Healthline to Pay $1.55M for Alleged CCPA Violations: Key Lessons for Businesses from Largest Settlement Yet

Healthline Media has agreed to pay $1.55 million to resolve allegations that it violated the California Consumer Privacy Act (CCPA) – which is the largest settlement to date under the state’s landmark privacy law. The California Attorney General alleged that the company’s health information website, Healthline.com , failed to allow consumers to opt out of targeted advertising and shared data – including information about potential medical conditions – with third parties without proper privacy protections. The settlement, which still needs to be approved by the court, also contains a unique provision: it prohibits Healthline from sharing information with third parties about article titles consumers view that may reveal a medical diagnosis . Here's a breakdown of the allegations and settlement terms, as well as a six-step compliance plan for businesses that operate in California or collect data from California residents. Background and Allegations Healthlin...