May 25, 2022

Volume XII, Number 145

Advertisement
Advertisement

May 24, 2022

Subscribe to Latest Legal News and Analysis

May 23, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

California Publishes Initial Public Comments to CPRA

The California Privacy Protection Agency recently published public comments received in response to its preliminary rulemaking activities for the California Privacy Rights Act (CPRA). The comments were originally solicited in September and due by November 8. The public feedback totals nearly 900 pages. It includes comments from various companies, industry associations, and other interested parties.

The Agency intends to have additional informational hearings to gather more feedback. Its October meeting minutes suggest that the hearings may address topics such as how the procedures for exercising rights is operating, and the “opt out preference signal” or “global privacy control.” Formal rulemaking activities will begin at the conclusion of the agency’s fact gathering. There is no set timetable. That said, the rule-making authority is tied to 6 months after the agency provides notice to the Attorney General (discussed here).

We anticipate that the Agency will not only update existing CCPA rules, but issue new ones. This includes potentially addressing at least 15 topics not originally identified in the CCPA. For example, the access and opt-out rights for processing using automated decision making. This also includes the annual “cybersecurity audit.”

Putting it into Practice: As companies begin to plan and prepare budgets and resources for 2022, keeping an eye on developments and the procedural process for the CPRA regulations will be important. As we approach the new year, companies are also reminded that information collected in 2022 will be subject to CPRA’s 12-month look back period.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 354
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Julia Kadish is an attorney in the Intellectual Property Practice Group in the firm's Chicago office.

Areas of Practice

Julia's practice focuses on data breach response and preparedness, reviewing clients' products and services for privacy implications, drafting online terms and conditions and privacy policies, and advising clients on cross-border data transfers and compliance with US and international privacy regulations and standards. She also workes on drafting and negotiating software licenses, data security exhibits, big data licenses, professional...

312.499.6334
Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Advertisement
Advertisement
Advertisement