On Friday, January 28, the world celebrated its 16th Data Protection/Privacy Day. As the privacy community capped off a week of programming and gazed into the future of potential data privacy enforcement [1], the celebrations were quickly overshadowed by California Attorney General Rob Bonta, who announced that his office was targeting businesses operating loyalty programs for potential enforcement actions. According to Bonta, his office issued “notices to business[es] that operate loyalty programs and use personal information in violation of California’s data privacy law.” [2] Accordingly, it is expected that a plethora of businesses may soon receive notices of noncompliance. Once a business receives a notice of noncompliance, that business will have 30 days to cure or fix the alleged violation before an enforcement action is initiated. Enforcement actions may result in penalties of up to $7,500 per violation, which can quickly accrue to significant amounts.
Continue Reading Data Privacy Day Surprise Enforcement for Loyalty Programs

Guest Author: Jasmine Zhao, a student at Loyola Law School.

On August 20, 2021, the Personal Information Protection Law (PIPL), regarded as China’s GDPR, was signed into law, and will become effective on November 1, 2021. The PIPL supplements China’s Cybersecurity Law and the Data Security Law, expanding China’s legal framework for the protection and regulation of data security and personal information. The PIPL has an extraterritorial scope, imposing broad disclosure, consent, and cross-border transfer obligations on organizations that provide products or services to or analyze activities of people within China.

Continue Reading China’s Stringent Data Law Will Become Effective Soon

There have been several notable developments this month at the California Attorney General’s office relating to the CCPA. First, California Attorney General (AG) Rob Bonta held a press conference and issued a press release regarding CCPA enforcement in the past year. AG Bonta signaled that under his leadership, as under prior California Attorneys General, such as now Vice President Kamala Harris and United States Department of Health and Human Services Secretary Xavier Becerra, the AG’s office will continue its focus on privacy. AG Bonta emphasized the importance of the CCPA at a time when so much of our lives has moved online due to the COVID-19 pandemic and that “there’s more work to be done.” He reported “great progress” in CCPA enforcement, noting that 75% of businesses that received a notice of violation came into compliance within the CCPA’s 30-day cure period, while the remaining 25% are within the cure period or currently under active investigation.
Continue Reading Recent Developments at the California Attorney General’s Office Concerning the CCPA and Enforcement

Last week a new privacy law limiting what businesses can do with biometric data (for example, facial recognition information and fingerprints) took effect in New York City. The new ordinance requires commercial establishments that collect biometric information to post notices to customers explaining how their data will be used. The law applies to a wide range of businesses, including stores, restaurants, and theaters. The ordinance defines “biometric identifier information” as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.” The law does, however, permit the collection, use, and retention of biometric identifying data if a notice to customers in “plain, simple language” is clearly displayed. The NYC Commissioner of Consumer and Worker Protection is expected to issue further guidance detailing the exact requirements that businesses must follow to comply with the law.
Continue Reading Biometrics Privacy Law Takes Effect in NYC

Perkins Coie was pleased to host California Attorney General Rob Bonta for a May 25 virtual event with business leaders from across a range of sectors, including healthcare, finance, retail, and technology. Attorney General Bonta is the 34th person to hold his office and was sworn in just a month ago on April 23. He shared about his background as well as his passion for protecting Californians.

Continue Reading Dominique Shelton Leipzig and David Biderman Host California Attorney General Rob Bonta

On April 7, ​​Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.

Hosted by Perkins Coie partners Dominique Shelton Leipzig, David Biderman, and Jill Louis, the CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions.
Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology

Guest Author Bird & Bird, Anna Shashina, Partner

On March 1, 2021, substantial amendments to the Russian Federal Law on Personal Data (No. 152-FZ), implemented on July 27, 2006, came into effect (“Amendments”). The Amendments change the rules on processing of publicly disseminated personal data and affect businesses that publish or use personal data on the internet. In particular, employers who publish employee personal data on a website need to examine the Amendments and implement new consent requirements. Data subjects now have wider powers to control and authorize the processing of their data in the public domain. Data subjects also have a right to request that data operators that are disseminating their data (and any company down the data processing chain) cease transferring such data.

What Are the Key Amendments?
Continue Reading Russia: Overhaul of Publicly Disseminated Data Processing

On March 15, 2021, the California Attorney General approved additional regulations for the California Consumer Privacy Act (CCPA), which focuses on the right to the right to opt-out of sale, authorized agents, and notices to consumers under 16 years of age.  Specifically, sections 999.306, 999.315, 999.326 and 999.332 were revised and/or added to the CCPA regulations in this final review.  This privacy quick tip highlights the changes that were made.
Continue Reading California Attorney General Approves New Regulations Governing the California Consumer Privacy Act

On March 17, 2021, California officials announced their appointees to the five-member inaugural board of the California Privacy Protection Agency (CPPA). Approved by voters in the November 2020 election cycle, the California Privacy Rights Act (CPRA) called for the creation of the CPPA, an administrative agency tasked with the enforcement of the CPRA and the 2018 California Consumer Privacy Act (CCPA). Below is an overview of the CPPA Board and the appointees who will be leading the agency.
Continue Reading California Officials Announce Board Member Appointees to the California Privacy Protection Agency