California Privacy Protection Agency draft rules for making a data deletion mechanism required by the state’s Delete Act exceed the law’s scope and one requirement may be unconstitutional, the Software & Information Industry Association (SIIA) said in comments at the CPPA.
As the California Privacy Protection Agency ramps up enforcement, it will “telegraph” how it plans to enforce the state’s privacy law and will act in ways that aren’t far from what other states would do, CPPA Executive Director Tom Kemp said in a wide-ranging interview Wednesday with Privacy Daily. In addition, Kemp panned Congress’ proposed 10-year moratorium on state AI regulation while saying the agency is being careful about what aspects of AI may come under its jurisdiction.
Massachusetts senators advanced a comprehensive privacy bill that includes a private right of action and Maryland-like data-minimization requirements. On Monday, the Senate side of the legislature’s joint Advanced Information Technology Committee advanced to the Ways and Means Committee a new draft of the Massachusetts Data Privacy Act (S-2516) that replaces bills by the committee’s Senate Chair Michael Moore (D), Senate Majority Leader Cynthia Creem (D) and Sen. William Driscoll (D). Some alternatives remain pending, including legislation by Sen. Barry Finegold (D), his spokesperson told Privacy Daily.
Making it easier to exercise privacy rights is a key priority for California Privacy Protection Agency Executive Director Tom Kemp, he blogged Thursday.
Days after an enforcement action against menswear retailer Todd Snyder, the California Privacy Protection Agency said its board ordered National Public Data to pay a $46,000 fine, the maximum allowed. The now-closed data broker failed to register as a data broker and pay an annual fee, as the California Delete Act requires, the CPPA said Thursday.
Comments are due June 2 on revised draft rules for the California Privacy Protection Agency’s rulemaking on automated decision-making technology (ADMT), risk assessments, cybersecurity, insurance and other rule changes, the CPPA decided Thursday.
The California Privacy Protection Agency seeks comments by June 10 on draft rules about data deletion, said a Friday notice in the California Regulatory Notice Register. Also on that date, the CPPA will hold a hearing on the proposal, at 1 p.m PT, it said.
The Consumer Financial Protection Bureau should withdraw the Biden administration’s proposed data broker rule because it’s an “illegal” expansion of the Fair Credit Reporting Act, industry groups told the bureau in comments due Wednesday (see 2503040058).
The California Senate Judiciary Committee supported data broker and breach notification bills at a late Tuesday hearing. The panel cleared SB-361, which adds requirements to the California Delete Act. And it approved SB-446, a data breach bill adding specific deadlines to the state’s notification law.
A California data broker registration bill received support from Consumer Reports and Privacy Rights Clearinghouse. In a Tuesday letter to California Senate Judiciary Committee Chair Thomas Umberg (D), the consumer privacy advocates backed SB-361, which would amend the California Delete Act to require disclosure of more types of personal information.