March 23, 2023

Volume XIII, Number 82
Advertisement

41

New Articles
Bottom Row Image
Advertisement

March 22, 2023

Subscribe to Latest Legal News and Analysis

March 21, 2023

Subscribe to Latest Legal News and Analysis

March 20, 2023

Subscribe to Latest Legal News and Analysis

Article By

Mary T. Costigan
Jason C. Gavejian
Joseph J. Lazzarotti
Sean Paisan
Damon W. Silver
Robert Yang

Jackson Lewis P.C.
Workplace Privacy, Data Management & Security Report

Related Practices & Jurisdictions
Advertisement

California Privacy Protection Agency Passes Revised Regulations

Thursday, February 9, 2023

After a significant delay, on February 3, 2023, the California Privacy Protection Agency (CPPA) unanimously approved amended regulations. The new regulations have not yet gone into effect as they must first be approved by the Office of Administrative Law (OAL). The CPPA’s General Counsel advised that there is no guarantee that the regulations would be approved on the first go-around. As the OAL has 30 business days to determine whether the CPPA complied with all rulemaking requirements, it is anticipated the regulations may take effect as early as April 2023.

The revised regulation is intended to do the following:

  1. Update existing regulations to fit with amendments made by the California Privacy Rights Act (CPRA).

  2. To put into operation new rights and concepts introduced by the CPRA

  3. Make the regulations more streamlined and easier to understand.

The revised regulations include regulations on data processing agreements, consumer opt-out mechanisms, mandatory requirements for recognition of opt-out preference signals, and consumer request handling.

The regulations were not substantively changed from the second modification in October 2023, which included:

  • Sections clarifying how consumers can opt out of having their data sold or shared, including via opt-out preference signals.

  • Provisions providing allowances for enforcement flexibility, which are intended to assuage businesses’ concerns that the current delay in adopting final regulations will present compliance challenges.

  • Allowances for businesses, service providers, and contractors to delay compliance with requests to correct archived or backup systems until the data is restored to an active system or is next accessed or used.

Jackson Lewis P.C. © 2023National Law Review, Volume XIII, Number 40
Advertisement
Advertisement
Advertisement

About this Author

Mary Costigan, Jackson Lewis Law Firm, Privacy Attorney, Cybersecurity, Berkeley Heights
Mary T. Costigan
Of Counsel

Mary T. Costigan is Of Counsel in the Berkeley Heights office of Jackson Lewis P.C. She holds a Certified Information Privacy Professional/US designation from the International Association of Privacy Professionals (iapp). Ms. Costigan advises multinational, national, and regional companies on emerging privacy and cybersecurity issues, including the broad and growing array of mandates, best practices, and preventive safeguards. In particular, she focuses on advising and assisting clients in matters relating to compliance with the General Data Protection Regulation (GDPR)...

[email protected]
908-795-5135
www.jacksonlewis.com
Jason C. Gavejian
Jason C. Gavejian, Employment Attorney, Jackson Lewis, Principal, Restrictive Covenants Lawyer
Principal

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination and wage and hour claims in both federal and state courts. Additionally, Mr. Gavejian regularly appears before administrative agencies,...

[email protected]
(973) 538-6890
www.jacksonlewis.com
Joseph J. Lazzarotti
Principal

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and...

[email protected]
973- 538-6890
www.jacksonlewis.com
Sean Paisan
Associate

Sean Paisan is Of Counsel in the Orange County, California, office of Jackson Lewis P.C. His practice focuses on workplace safety and health (OSHA), data privacy, and traditional employment matters, including litigation and counseling.  

Sean’s first exposure to OSHA regulations occurred during his undergraduate studies while working for a construction company that helped build Disney’s California Adventure. After attending law school and working for the Los Angeles County District Attorney’s Office and the United States...

[email protected]
949-885-5233
www.jacksonlewis.com
Damon W. Silver
Damon Silver, Employment Lawyer, Corporate Matters, Jackson Lewis
Associate

Damon W. Silver is an Associate in the New York City, New York, office of Jackson Lewis P.C.

In his Privacy, e-Communication and Data Security practice, Mr. Silver advises clients in various industries on compliance with federal and international privacy laws, including HIPPA, the ADA, GINA, FMLA, the TCPA, FCRA, and the EU-U.S. Privacy Shield. He also provides guidance to organizations on data breach prevention and response. 

In the area of employment litigation, Mr. Silver defends...

[email protected]
212-545-4063
jacksonlewis.com