Effective January 1, 2026, new legislation in California and Oklahoma will introduce important updates to each state’s breach notification requirements. These changes may significantly impact breach response obligations for businesses operating in or handling data related to residents of these states. Below is a summary of the key provisions under each law. California – Senate […]
California
California Passes Generative AI “Training Transparency” Bill
On August 27, 2024, the California state legislature passed Assembly Bill 2013 and sent it to Governor Gavin Newsom for signature. If passed, AB 2013 would require companies that make generative AI systems and services publicly available to Californians to post documentation on their website about the data used to train such AI systems and […]
California Privacy Protection Agency Issues Invitation for Preliminary Comments on Proposed Rulemaking on Risk Assessments, Cybersecurity Audits, and Automated Decisionmaking
The California Privacy Protection Agency (CPPA) issued an Invitation for Preliminary Comments on Proposed Rulemaking (Invitation) Friday as it considers new rules regarding Risk Assessments, Cybersecurity Audits, and Automated Decisionmaking. The proposed rulemaking is pursuant to California Civil Code § 1798.185(a)(15)-(16), which directs the CPPA to draft regulations on these topics. Although the Invitation enumerates […]
California Privacy Protection Agency Approves CCPA Regulations
The California Privacy Protection Agency (CPPA) voted unanimously Friday to approve the newest version of the draft California Consumer Privacy Act (CCPA) regulations. These regulations are substantively the same as those considered by the CPPA Board during its October 2022 meeting. This vote marks the conclusion of a chapter that began in May 2022, when […]
CCPA Carve-Out for Online Advertising? Proposed Amendment Exempts Certain Advertising Data from Do-Not-Sell Restrictions
California passed the California Consumer Privacy Act (CCPA) in September 2018, and the CCPA enters into force on January 1, 2020. One of the CCPA’s core elements is a right for consumers to know when a company is selling their data, and to opt-out of data sales at any time. This was the primary focus […]