Insight
Building an Enterprise Privacy Framework
Chris Jurs, VP of our Data Privacy practice, and Donel Martinez, a Director in our Risk Consulting group, discuss practical ways organizations can leverage the NIST Privacy Framework to build an enterprise-wide privacy strategy. This conversations is designed for privacy, audit, and compliance professionals.
Insight
More Changes Coming to the CCPA
2020 has been a major year for the California Consumer Privacy Act (CCPA). After two years of anticipation, the CCPA went into effect on January 1, 2020 and then enforcement for the law began six months later on July 1, 2020. The Attorney General also submitted the final proposed regulations for the CCPA to the Office of Administrative Law (OAL) on June 1, which were approved and went into effect two months later on August 14, 2020.
Insight
Webinar: A Buyer’s Guide to Penetration Testing
Whether you're looking to refresh your pen testing routine or to integrate a new type of test (maybe application testing or a device testing), buying a pen test doesn't have to be painful.
In this webinar, Jeremy Archer, Managing Director of our Cyber Defense practice, sits down with sales leader Scott Maxwell to discuss how to shop for a pen test. Jeremy and Scott have worked with a wide range of business leaders - from audit directors to CISOs - and have designed this conversation to connect with everyone, whether you're buying your first pen test or your fiftieth.
Insight
The Final Countdown: The CCPA’S Employee Information Exemption Ends in January
Updated October 19: On September 30, 2020, the California Attorney General signed AB 1281 into law extending the exemption on employee rights until January 1, 2022.
In October 2019, the California legislature passed Assembly Bill 25, an amendment that exempts employers from complying with certain CCPA requirements when it comes to the data of employees and job applicants. AB 25 was set to sunset on January 1, 2021, after which employee personal information would be granted the same rights and protections as consumer personal information as set forth by the CCPA. In the rush to comply with the CCPA this year, many businesses took advantage of this amendment and put these employee data requirements on the backburner. However, this deadline was recently extended until January 1, 2022.
Companies will be able to continue to delay compliance efforts with this exemption for another year, as the California Attorney General recently signed Assembly Bill 1281 into law, extending the exemption on employee rights until January 1, 2022. Employee information under the CCPA covers a large swath of data and significant individual rights, so despite having another year to prepare, organizations should not delay compliance efforts for employee information too long. Keep reading to ensure your organization understands all the CCPA’s requirements for employee personal information and is prepared to comply before they go into effect.
Insight
The California Privacy Rights Act (CPRA): Is it the CCPA 2.0?
Companies have barely had time to catch their breath since the California Consumer Privacy Act (CCPA) took effect this year, and California is already looking to pass a second, possibly tougher law. Many considered the CCPA to be the strictest privacy law ever in the U.S., which may not be true soon. Instead, the California Privacy Rights Act (CPRA), often referred to as “CCPA 2.0,” could earn that title if passed in the November general elections.
Backed by the Californians for Consumer Privacy (the group that first drafted the CCPA), the CPRA would amend the CCPA, creating new privacy obligations for organizations and significantly expanding the rights of consumers. If approved by voters this November, the CPRA would go into effect on January 1, 2023, but certain provisions like those pertaining to the collection of person information would go into effect immediately. Therefore, companies will once again need to update their privacy programs in order to comply with an even more rigorous set of data protection requirements.
In this blog, we’ll take a closer look at the CPRA, how the law compares to the CCPA, and what your company can do now to prepare if it passes in November.