Finalization of CCPA Regulations

On August 17, 2020, California Attorney General Xavier Becerra announced the finalization of the CCPA regulations, bringing an almost year-long process of refinement to an end. Here's what was in the last round of clarifications to the law.

Data Privacy Acronym List

For newcomers, the world of data privacy can feel a little like alphabet soup. There are so many acronyms floating around the data privacy world that understanding which laws, activities, and concepts belong where is a real challenge.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is Europe's data privacy law — the first of its kind, and still the world's most comprehensive piece of privacy legislation.

Worldwide Privacy Laws

Governments and citizens across the world are increasingly aware of the importance of data privacy. With the rise in awareness, authorities in many countries have drafted regulations and laws to protect their citizens on the internet. Other countries have laws in late stages of…

Federal US Privacy Laws

The issue of privacy has found rare bipartisan support in the United States Senate. Ethyca CEO Cillian Kieran recently sat down for a conversation on the state of the US federal privacy conversation with Amie Stepanovich.

California Consumer Privacy Act (CCPA)

The CCPA is the state of California’s data privacy law. It marks a milestone in US privacy regulation in the same way that GDPR did for Europe. In short, it's a game-changer.

Additional Modifications to the CCPA

Since CCPA came into effect the California Attorney General, Xavier Becerra, has issued additional guidance to help explain and clarify certain parts of the law.

Privacy By Design

Privacy By Design is a key concept in the study of modern data privacy. It’s incorporated into the text of the GDPR as a core principle, and its influence is considerable across a number of data privacy laws worldwide.

Data Subject Rights

Individual data rights are at the core of all the major pieces of data privacy legislation. They are a bundle of rights aimed at letting individuals exert control over the way that their data is collected, stored, and processed by other parties. Each data right below is…

The CCPA’s “Do Not Sell My Personal Information” Provision

The state of California has come up with a unique solution to deal with data privacy concerns of its citizens by including a “Do Not Sell My Personal Information” provision in the CCPA. This lets consumers deny or withdraw consent to businesses who might otherwise use their data…

Consent Processing

"Consent" is a fundamental part of processing user data. It has a special place at the heart of digital privacy theory. Given the importance of consent, it shouldn't be surprising that there's plenty of legal wrangling over how it's defined.

Data Minimization

Data Minimization is a privacy concept that's written into GDPR and is a best-practice for privacy-conscious businesses worldwide. It holds that businesses should collect and process only the bare minimum amount of data needed to accomplish a goal.

Data Privacy vs. Data Security

“Data Privacy” and “Data Security” are two terms that can sometimes be used interchangeably, especially by those who aren’t in the field of data protection. However, in this particular sector, they mean two very different things. Understanding the relationship between them is…

Private Right of Action

The Private Right of Action in CCPA can be defined as a right that allows individuals to sue organizations for data violations even in the case of a third-party breach. It is a highly debated topic in privacy law that is handled differently across the globe. The Private Right of…

Data Breach Notifications

A data breach when information is accessed without authorization. Data breaches can hurt businesses and consumers in a variety of ways, and the GDPR and the CCPA outline specific protocols that businesses must follow in the event that it occurs.

Data Protection Impact Assessments (DPIAs)

A DPIA is a risk assessment that is carried out for any activity that involves processing user data and are a key part of privacy best practice

Data Protection Officer

A Data Protection Officer is a role that’s required for many businesses under GDPR, and recommended for any data-reliant business.

Data Subject Requests (DSRs)

DSRs (also known as DSARs or even SARs, depending where in the world you are) are a core competence for any business wishing to be compliant with GDPR or the CCPA. They are a key piece of data privacy activity, and getting them right can pose a significant challenge for…