On August 28, 2023, the California Privacy Protection Agency (the “Agency”) released two sets of draft regulations under the California Consumer Privacy Act (the “CCPA”), one for risk assessments and another for cybersecurity audits, as part of the Agency’s informal rulemaking process. We discuss the draft cybersecurity audits in California Proposes Annual Audits to Assess […]
Oregon Enacts Comprehensive State Privacy Law
On July 18, 2023, Oregon Governor Tina Kotek signed the Oregon Consumer Privacy Act (SB 619)(“OCPA”) into law, making Oregon the eleventh state to enact a comprehensive state privacy law. OCPA will take effect on July 1, 2024, however the effective date for covered non-profits is delayed until July 1, 2025. While OCPA aligns with […]
NIST Cybersecurity Framework 2.0 Released for Public Comment
On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant update to the NIST Cybersecurity Framework (“Framework”) since its initial release in 2014, which is intended to address current and future cybersecurity […]
California Attorney General Launches CCPA Investigative Sweep for Employers
On July 14, 2023, California Attorney General Rob Bonta launched investigations into large California employers regarding their compliance with the California Consumer Privacy Act (the “CCPA”) as it relates to their processing of employee and job applicant personal information. Attorney General Bonta’s investigative sweep is the first CCPA enforcement activity related to employee data. The […]
Texas Becomes Tenth State to Enact a Comprehensive State Privacy Law
On June 18, 2023, Texas Governor Greg Abbott signed the Texas Data Privacy and Security Act (HB 4) (“TDPSA”) into law, making Texas the latest contributor to the growing patchwork of comprehensive U.S. state privacy laws. TDPSA takes effect July 1, 2024, except for provisions that enable consumers to designate authorized agents to exercise on […]