On May 29, 2019, Nevada adopted Senate Bill No. 220 emulating portions of the California Consumer Protection Act (“CCPA”) with respect to permitting individuals to opt out of the sale of their personal information.  While Nevada may be the second state to pass legislation on the sale of personal information, its bill will be the first to go into force.  SB 220 goes into effect October 1, 2019, before the CCPA’s current compliance deadline of January 1, 2020.

The net result is that companies that thought they had until the end of the year (or until the California Attorney General could bring an enforcement action in July of 2020) to fully comply with the opt-out-of-sale portion of the CCPA, may need to address the issue now in order to meet Nevada’s October deadline.

While the Nevada law does not expressly require notice to individuals of this right in the privacy policy like the CCPA, it does require companies establish a “designated address” to receive requests from individuals not to sell their personal information. The “designated address” is an email address, toll-free phone number, or internet website. The bottom line: companies should review their practices concerning the sale of personal information and consider revising  their privacy policies before October to comply with the new Nevada law.

Although Senate Bill No. 220 incorporates the CCPA’s concept of permitting consumers to object to the sale of their information, it does not adopt any other concepts from the CCPA.  In addition, it avoids many of the drafting

Companies that do business in California know that it is a magnet for class action litigation.  The California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California residents, will provide even more incentive to plaintiff’s attorneys to bring suit in California.

The CCPA was enacted in early 2018 as a political compromise to stave off a poorly drafted ballot initiative.  Although the CCPA is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”).  To help address that confusion, BCLP is publishing a multi-part series to address the most frequently asked litigation-related questions concerning the CCPA.  BCLP is also working with clients to assess – and mitigate – litigation risks for when the CCPA goes into effect by putting in place the policies, procedures, and protocols needed to comply with the Act.

Q. What does it mean to “do business” in California?

The CCPA purports to apply to any for-profit legal entity that “does business in the State of California” and satisfies one of three thresholds:

For companies doing substantial business in California, determining whether they must

The California Consumer Privacy Act (“CCPA”), was passed last summer as a compromise to avoid a highly restrictive privacy regime slated to appear on the November 2018 ballot in California.  Amidst much controversy and debate, the California Attorney General’s Office is set to draft implementing regulations for the new law.  As part of that process, six public rulemaking workshops have been scheduled for the public to provide comments and voice concerns.  The first  took place on January 8, 2019 in San Francisco and was attended by a cross-section of trade associations and privacy advocacy groups.  Although the public comments covered a variety of topics, a few themes emerged:

• Industry groups want to more closely align the CCPA’s provisions with other privacy regulations such as the European Union’s General Data Protection Regulation (“GDPR”). Many businesses have already undertaken the Herculean task of coming into compliance with the EU law.  They propose establishing a safe harbor under the CCPA for businesses that are GDPR compliant.
• Several comments were directed to one of the more controversial provisions of the CCPA – the “right to equal service and price,” which refers to the CCPA’s prohibition against discriminating against consumers who exercise their rights under the CCPA not to provide personal information. This anti-discrimination provision does, however, allow businesses to offer different prices or levels of service if the difference is “reasonably related to the value provided to the consumer by the consumer’s data.”  Several parties commented that the phrase “the value provided to
  

The Consumer Product Safety Commission’s (CPSC) final rule expanding phthalate restrictions in children’s toys and child care articles takes effect this week, on April 25, 2018.  The rule renews the ban on DEHP, DBP and BBP, makes the interim ban on DINP permanent, and adds four new phthalates to the list of banned phthalates in children’s products.

Phthalates are a group of chemicals typically used to soften vinyl and other plastics and make them pliable and easier to grip and are found in numerous household products.   The final rule comes nearly a decade after CPSC first began to regulate phthalates over concerns that phthalates can act as endocrine disruptors.

To recap, in 2008, Congress passed the Consumer Product Safety Improvement Act of 2008 (CPSIA), which prohibited toys and child care items containing the following three phthalates:

• di(2-ethylhexyl) phthalate (DEHP);
• dibutyl phthalate (DBP); and
• butyl benzyl phthalate (BBP) .

The CPSIA also imposed an interim ban on the following three additional phthalates pending an investigation by the Chronic Hazard Advisory Panel (CHAP) into their health effects:

• diisononyl phthalate (DINP);
• di-n-octyl phthalate (DNOP); and
• diisodecyl phthalate (DIDP).

In July 2014, the CHAP published a report recommending that the CPSC ban five phthalates, including making the interim ban on DINP permanent.   After an extended public comment period, the CPSC voted on October 18, 2017 to issue a final rule.

After three years of public comments, the long anticipated final rule: