California AG Releases Proposed CCPA Regulations

This week, California Attorney General (AG) Xavier Becerra released the draft regulations for the California Consumer Privacy Act (CCPA). The rules set forth procedures for businesses covered under the CCPA to follow for compliance. The rules can be found here.

Nevada Consumer Privacy Law – In Effect

As previously reported, Nevada Senate Bill 220 (SB-220), which offers consumers the ability to opt out of the sale of their personal information, has become effective as of October 1, 2019. Analysis of the law and what it means for you business can be found here.

European Court of Justice Rules Active Consent Needed For Tracking Cookies

The European Court of Justice (CJEU) decided that companies must get active consent from internet users before using cookies to track browsing activity. “Passive” acceptance of cookies is not an acceptable form of consent. This includes using prechecked boxes, or posting a cookies banner and assuming the user has consented via their continued use of the website. The ruling can be found here.

DOD Seeks Input From Nonprofits For Cyber Accreditation Program

The U.S. Department of Defense (DOD) is seeking information from nonprofits regarding an accreditation body for its pending Cybersecurity Maturity Model Certification, (CMMC), program.  DOD said, “[t]his RFI seeks information on how to define the long-term implementation, functioning, sustainment, and growth of the CMMC accreditation body.” The CMMC will build on DOD cybersecurity requirements by incorporating existing cybersecurity standards including the NIST’s Special Publication 800-171.

According to Rosenworcel,  FCC Must Take Greater Role In Cybersecurity

During remarks at a NIST event, Rosenworcel stated that the FCC should work with NIST to help fortify IoT devices against cyber-attacks. “If we want to make sure that no one company can undermine our national security, it’s time for the United States to develop policies that help spur its creation,” she said.