The January 1, 2020, deadline to comply with the California Consumer Privacy Act (CCPA) is fast approaching. Signed into law in the summer of 2018, the CCPA creates a variety of new consumer privacy rights and will require many companies to implement policies and procedures to manage and comply with new consumer-facing responsibilities. Catch up on the details of the CCPA in our previous post, this LawFlash, and the Morgan Lewis CCPA resource center.

In a recent Law360 article, Morgan Lewis lawyers Gregory Parks, Kristin Hadgis, and Terese Schireson discussed the recently passed bill in Nevada – Nevada Senate Bill 220 (SB 220) – that will require defined “operators” of websites or online services that are used for commercial purposes and collect personal data of Nevada consumers to comply with a consumer’s request not to sell personal information. SB 220 will be the first law of this scope in the United States that provides consumers with opt-out rights with respect to the sale of their data.

The Q2 2019 issue of Morgan Lewis’s Life Sciences International Review was recently released. The review includes updates relevant to the life sciences industry from across the world, including the United States, Europe, and Asia. The topics range from intellectual property and data privacy to international trade and labor and employment.

Check out this recent LawFlash by Morgan Lewis partners Michael Pierides and Simon Lightman discussing the groundbreaking fines the United Kingdom’s Information Commissioner’s Office (ICO) proposed against two global organizations pursuant to the EU General Data Protection Regulation (GDPR).

The Federal Trade Commission (FTC) is seeking comments on the effectiveness of the amendments it made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013, to determine whether additional changes are needed due to changes in technology since the last update.

The Stop Hacks and Improve Electronic Data Security (SHIELD) Act was signed into New York law by Governor Andrew Cuomo on July 25, after passing the New York State Assembly on June 17. The SHIELD Act takes effect on March 21, 2020, and will modernize New York’s current laws governing data breach notification and data security requirements with the intention of providing greater protection for consumer's private information, while holding companies accountable for providing such protections.

As lawmakers, policymakers, tech companies, and other data collectors try to determine how much access and control of consumer data is appropriate or acceptable, and how much notice and choice consumers should have, consumers will ultimately be the arbiter of such access and use.

Executive Order 13873 was issued on May 15 with the goal of “Securing the Information and Communications Technology and Services Supply Chain.”

Internet-connected devices contributing to the Internet of Things (IoT) are projected to exceed 50 billion devices by 2025, according to the Federal Trade Commission’s Bureau of Consumer Protection in its June 2018 comments on the Consumer Product Safety Commission’s notice of public hearing and request for written comments on “The Internet of Things and Consumer Product Hazards.”

In this month’s Contract Corner, we are highlighting considerations for drafting an up-to-date privacy policy.