The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) gives consumers increasingly more control over their personal information when collected by businesses subject to the law. We have previously discussed the compliance requirements of these data privacy laws on organizations doing business in California.[1] Significantly, CCPA/CPRA defines the term “consumer” to mean any California resident; which from a business perspective, such a broad definition encompasses not only the business’s individual customers, but also its employees, job-applicants or even business-to-business (B2B) contacts. With the moratoriums currently in place for B2B and employee/applicant data sunsetting on January 1, 2023 and not likely to be extended, and the prospect for federal data privacy legislation with wide preemptive effect of state law looking less likely, businesses should be actively preparing to meet these expanded statutory obligations.
Blog Editors
Recent Updates
- Federal Embryo Adoption Program Raises Potential Legal Questions for Reproductive Health
- Vermont’s H. 583 Restricts Private Equity and Hedge Funds with Ownership and Controlling Interests from Interfering with Clinical Judgment of Health Care Providers
- DOJ’s Second National Health Care Fraud Takedown of the Second Trump Administration Heavily Targets Medicaid Fraud
- FDA Regulations to Establish Minimum CGMP Requirements for Manufacturing, Packaging, Labeling, and Holding of Dietary Supplements
- OIG Advisory Opinion 26-14 Offers Another Favorable Path for Patient Access Through Sponsored Testing