.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.png?width=148&height=200&name=Privacy%20Insider%20Book%20(mock%20w%20shadow).png)
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
Remember back in early July when we reported on the delay of CPRA enforcement? If you’ll recall, California Superior Court Judge James Arguelles ruled that because the California Privacy Protection Agency (CPPA) didn’t issue its CPRA regulations until March of 2023, then enforcement ought to be delayed correspondingly. So, rather than begin on July 1, 2023, CPRA enforcement would start March 29th, 2024 instead.
At the time, we warned that this would not mean that all enforcement would be delayed until 2024. That certainly appears to be the case. CPPA Executive Director Ashkan Soltani stated that “significant portions” of the CCPA’s privacy protections could be enforced starting July 1.
The CPPA Deputy Director of Enforcement, Michael Macko, said, “There’s no vacation here from enforcement. When we find violations, we will take aggressive action to protect the public.”
The California Attorney General’s Office is in the midst of an investigative sweep of companies’ compliance in regard to employee data. Meanwhile, the CPPA is investigating data collected by connected cars.
If you were hoping that the delay in CPRA enforcement meant you could put compliance off for another year, no dice. Clearly, the California Attorney General and CPPA intend to enforce as much of the law as they are permitted to. As for those portions that have been delayed, the CPPA and Attorney General have filed a petition to overturn Judge Arguelles’s decision.
Best,
Arlo
Top Privacy Stories of the Week
Illinois Just Made It Possible to Sue People for Doxxing Attacks
Governor Pritzker recently signed the Civil Liability for Doxing Act, which makes it possible for victims to sue attackers who "intentionally" publish their personally identifiable information with intent to harm or harass them.
AI Vs. Privacy: How to Reconcile the Need for Sensitive Data with the Principle of Minimization
In order to train and test AI systems against bias, businesses need access to sensitive data such as race, gender, age, and other demographic categories—but often there is no other business need for such data. How can businesses skirt the line between developing unbiased AI systems and respecting data minimization principles?
CPRA Enforcement Activity Underway Despite Court Ruling to Delay
Despite a court ruling to delay CPRA enforcement until March, 2024, the California Attorney General’s Office and CPPA have initiated enforcement sweeps. Find out how in the link below.
Ready for the New Swiss Data Protection Law? Implications for Organizations Outside Switzerland
As of September 1, Switzerland will have an updated version of its 1992 Swiss Federal Act on Data Protection. The new act brings Switzerland into closer alignment with the EU’s GDPR.
Osano Blog: Q: When Should You Get Your Privacy Team Involved?
Osano’s own Head of Privacy, Rachael Ormiston, dives deep into the subject of privacy collaboration. Check out the blog to learn when and how to work with your privacy professionals in order to maximize compliance, minimize risk, and keep the business running smoothly.
If you’re interested in working at Osano, check out our Careers page!
