The California Attorney General’s Office released its long-awaited proposed CCPA regulations last week.  The proposed regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should:

  • provide just in time notice to consumers of personal information collected;
  • provide notice to consumers of the right to opt out of

The CCPA takes effect on Jan. 1, 2020.  In this podcast, we take a close look at the CCPA’s coverage and unique features, the scope of its “GLBA exemption,” third party issues, private actions and enforcement remedies, federal privacy law initiatives and the CCPA’s influence on state initiatives, and steps for companies facing CCPA compliance.

Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines, arising from its violation of a 2012 consent order with the FTC.  According to the FTC, this is the largest

I am pleased to announce that Kim Phan, an attorney noted for her work on privacy and data security issues for a variety of industries, including consumer financial services, retail, and higher education, has returned to Ballard Spahr as a partner after a short absence.  She will be based in the firm’s Washington, D.C. office.

The FTC has proposed amendments to its 2003 Safeguards Rule and 2000 Privacy Rule, applicable to financial institutions under the Gramm Leach Bliley Act (GLBA).  The proposed changes are informed by the FTC’s enforcement experience and are intended to keep pace with technological developments.

The Safeguards Rule requires financial institutions to have a comprehensive information

The CFPB has issued a final rule amending the provisions of Regulation P that implement the Gramm-Leach-Bliley Act (GLBA) annual privacy notice requirement.  The final rule is intended to reflect the GLBA amendments made by the Fixing America’s Surface Transportation Act that exempted financial institutions meeting certain conditions from the annual notice requirement.  The statutory

Colorado has enacted groundbreaking privacy and cybersecurity legislation that will require covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third parties, and notify affected individuals of data breaches in the shortest time frame in the country.

The new

The Association of Corporate Counsel (ACC) Foundation has released The State of Cybersecurity Report (2018), underwritten by Ballard Spahr.  The report, subtitled “An In-House Perspective,” provides insights on corporate cybersecurity issues from more than 600 general counsel, chief legal officers, and other senior law department leaders at organizations worldwide.

The new report, which updates and

In the absence of federal action, state legislators continue to propose bills that would increase data privacy and security protections for consumers.  Any entity that does business in these states or maintains confidential information of their residents should monitor the legislation to determine whether and how the proposed changes may affect operations.

The bills are

We are pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.  It will offer insights into the latest transactional, governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber