November 08, 2022

Privacy Considerations for the End of 2022

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

Jan. 1 is approaching, and with it comes new requirements under the California Consumer Privacy Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). What should you and your company be focusing on to ensure you are prepared for the looming compliance deadline? This Data Privacy Dish post offers end-of-year considerations for closing out 2022:

  1. Update consumer-facing privacy notices - Have you accounted for the new requirements under the VCDPA and CPRA, including discussing retention periods and describing new and updated data subject rights?
  2. Update data subject request form and processes - Does your data subject request form or online portal include options for the new data subject rights, such as the right to correct inaccurate information or the right to opt-out of targeted advertising in Virginia? Have you identified profiling activities or processing of sensitive personal information for which you may be required to provide an opt-out right?
  3. Confirm your company's position on "sales" and "sharing" - Do you need a "Do Not Sell or Share My Personal Information" link or an "opt-out of targeted advertising link"? Are you alternatively getting opt-in consent for AdTech cookies as part of your strategy for addressing California-specific AdTech related requirements?
  4. Validate opt-out protocols and honor Global Privacy Control (GPC) signals - Does your website respond to the GPC signal? Have you informed IT and Marketing that new signals may be under development that may need to be identified and addressed?
  5. Address new employee privacy requirements in California - Do you have a privacy notice for California Employees? Do you have processes in place for handling requests from California applicants, employees, former employees, and dependents and spouses, to exercise their rights under the CPRA, including the rights to access, correct, delete, and opt out of "sales" and "sharing"?
  6. Finalize updates to contract templates and/or amendments - Have you confirmed contract templates have been updated with the new requirements for "service providers" / "contractors" / "processors"? Have you confirmed contract templates with "third parties" have been updated with new CPRA requirements?
  7. Obtain consent for sensitive data - Have you identified processes/applications that collect sensitive data about Virginians for which you may be required to get consent from the individual to process?
  8. Document your data protection impact assessments - Have you prepared written data protection impact assessments (DPIAs) to ensure you are appropriately processing personal data for targeted advertising, "selling" personal data, profiling, processing sensitive data, or data for which there is a heightened risk of harm?
  9. Review your information security policies and procedures - Have you reviewed your written information security plan to ensure it adequately protects data based on the level of sensitivity and applicable legal requirements?
  10. Provide privacy awareness training - Have you informed key stakeholders in the company (e.g., Information Technology, Marketing, Human Resources, Procurement, etc.) of the main compliance obligations under the new state privacy laws?

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

The New York Court of Appeals: A Triumph of Merit Selection

By Henry M. Greenberg Greenberg Traurig May 25 , 2023

The current court is a triumph of the merit selection process that New Yorkers voted for in 1977.

Attorney Fees Awards Under the Clean Streams Law

By David Mandelbaum Greenberg Traurig May 24 , 2023

In February, the Pennsylvania Supreme Court decided that the Environmental Hearing Board could award attorney fees and litigation costs to a prevailing third-party appellant under the Clean Streams Law.

GT's The Performance Review Episode 20: All Secrets Revealed: Employee Investigations

By Philip I. Person Greenberg Traurig May 24 , 2023

In this episode, Sue Ann Van Dermyden, co-founder and senior partner at one of the nation’s top investigations firms, joins Philip Person and Ryan Bykerk to discuss the ins and outs of employee investigations.

More From Privacy

Labor Department Releases New Guidance on Agency Enforcement of PUMP for Nursing Mothers Act

By Patricia Anderson Pryor Jackson Lewis P.C. May 19 , 2023

The U.S. Department of Labor Wage and Hour Division (WHD) has published guidance for agency officials responsible for enforcing the “pump at work” provisions of the Fair Labor Standards Act (FLSA), including those enacted under the 2022 Providing Urgent Maternal Protections for Nursing Mothers Act (PUMP Act).

Finding the Delta: Understanding the Differences in How State Privacy Laws Define Corporate Affiliates

By David A. Zetoony Greenberg Traurig May 15 , 2023

All modern privacy statutes regulate when personal information can be shared with third parties, whether those third parties are service providers, vendors, contractors, or business partners.

Florida Adds a New Twist to Consumer Privacy Patchwork

By David P. Saunders McDermott Will & Emery May 10 , 2023

On May 9, 2023, the Florida legislature passed the Florida Digital Bill of Rights (FDBR), which adds a new twist to the growing body of state consumer privacy laws.

Featured Stories