How to Keep Up With New Privacy Laws

There has been a wave of emerging and detailed privacy laws from the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"), to the General Data Protection Regulation ("GDPR") - how can companies stay on top of new requirements?

In fact, draft regulations for the CCPA were recently published, adding requirements and specifications to existing regulations for companies doing business in California; and the CCPA now has a new enforcement agency, the California Privacy Protection Agency ("CPPA").

The legal landscape includes international, issue and industry-specific, and various state laws, such as the Colorado Privacy Act ("CPA"), Connecticut Data Privacy Act ("CDPA"), Delaware Online Privacy and Protection Act ("DOPPA"), Nevada Revised Statutes, Utah Consumer Privacy Act ("UCPA"), Vermont Statutes, Virginia Consumer Data Protection Act ("VCDPA"), and Illinois Biometric Information Privacy Act (“BIPA”), not to mention federal legislation including the Federal Trade Commission ("FTC") Act, Children's Online Privacy Protection Act ("COPPA"), Gramm-Leach-Bliley Act ("GLBA"), Telephone Consumer Protection Act ("TCPA"), Telemarketing Sales
Rule (“TSR”), CAN-SPAM, Health Insurance Portability and Accountability Act ("HIPAA"), and various FTC rules and guidelines. Businesses may also be confused about European and international laws and standards, such as the Privacy Shield and Standard Contractual Clauses ("SCCs").

Experienced counsel can assist navigating these ever-changing requirements, including by:

• Assisting with necessary data mapping and/or risk impact assessments;
• Updating consumer privacy policies and terms of service, as well as consumer-facing privacy notices (e.g., "Do Not Sell or Share My Personal Information," "Your Privacy Choices," and "Limit Use of My Sensitive Personal Information");
• Updating internal privacy and data security policies (e.g., employee training, data retention policy, incident response plan, and data security policy); and
• Updating contracts with related companies and others, including CCPA categories for "service providers," "contractors," and "third parties."

Kronenberger Rosenfeld regularly advices clients on privacy and general advertising compliance and litigation matters.