Off to the Races: Comment Period for CPRA Proposed Regulations Begins
On Friday, July 8th, the California Privacy Protection Agency (CalPPA) began the formal rulemaking process to adopt proposed regulations to implement California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA). The initial written comment period will end on August 23, 2022 at 5:00 pm Pacific Time. To cap off the initial comment period, CalPPA will hold a public hearing on August 24th and 25th, during which the agency will accept oral comments and then close the first comment period.
The rulemaking process will take some time. Indeed, it is possible this initial rulemaking round will not be complete until after Thanksgiving. Revisions to the first draft are expected through likely multiple notice and comment rounds, in addition to deliberations by the CalPPA Board in noticed public meetings. Moreover, once the agency process is complete, the Office of Administrative Law (OAL) will review the proposed regulations to ensure they are consistent with the statute.
Data Regulation Ramps Up in Europe: The AI, Data, and Data Governance Acts
Join Sidley and OneTrust DataGuidance for Part two of the “Data Regulation Ramps Up in Europe” webinar series, where our panel will discuss legislative proposals, including the Artificial Intelligence Act, the Data Act, and the Data Governance Act (DGA). (more…)
China Data Law Update: Certification Rules and Draft Standard Contract Are Issued
As the year approaches its halfway point, Chinese government accelerates the legislation for cross-border data transfers. (more…)
Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The text of the proposed rules is available here. The SEC proposal would continue to ratchet up cybersecurity as an increasingly critical dimension of corporate governance.
Key takeaways from the SEC’s release include the following: (more…)
California Privacy Agency: CPRA Regs Not Likely Until Late 2022
Final regulations implementing the California Privacy Rights Act (CPRA) may not be issued until Q3 or Q4 2022, as reported by Executive Director Soltani of the California Privacy Protection Agency (“CalPPA”) at its February 17th Board meeting. This means that businesses subject to CPRA will not have regulatory guidance on how to implement the CPRA until just months, or possibly weeks, before the law goes into effect on January 1, 2023, assuming the regulations are finalized before the effective date. This is a significant departure from the CPRA’s stated timeline of July 1, 2022 for the adoption of final regulations. While enforcement under CPRA cannot begin until July 1, 2023, and at that time enforcement can only address violations alleged to have occurred on or after that date, businesses are not well-served by the prospect of implementing the significant regulations required by the CPRA in half the statutorily allotted time. (more…)
Fireside Chat: Earning Public Trust Amid Heightened Tech Regulation
On October 19, 2021, Sidley partner Alan Raul engaged in a fireside chat with Julie Brill, Corporate Vice President, Chief Privacy Officer, and Deputy General Counsel of Microsoft at the Reuters Events’ Legal Leaders 2021 Conference. (more…)