Proposed regulations have been submitted for review.

On February 3, the Board of the California Privacy Protection Agency held its latest public meeting, focused on the anticipated regulations interpreting the California Consumer Privacy Act, as now amended by the California Privacy Rights Act.

An updated version of the NIST Cybersecurity Framework is on the way.

In 2013, President Barack Obama directed the National Institute of Standards and Technology (“NIST”) to lead the development of a cybersecurity framework to “reduce cyber risks to critical infrastructure.” The result was the NIST Cybersecurity Framework (formally, the “Framework for Improving Critical Infrastructure Cybersecurity”), a comprehensive, flexible, and scalable approach that provides a structure that can be used by entities to create, guide, assess, or improve their cybersecurity programs. The first version, v1.0, of the CSF was released in February 2014. NIST subsequently released v1.1 of the CSF in April 2018 to clarify, refine, and enhance the framework. Since its release, the CSF has been widely adopted across a range of industries within the United States and internationally.

In Jones v. Google, LLC, a three-judge panel of the U.S. Court of Appeals for the Ninth Circuit held that a district court judge erred in finding that state privacy claims were preempted by the federal statutory framework referred to as the Children’s Online Privacy Protection Act, or “COPPA.” The district court had dismissed a class action brought by children based on allegations “that Google used persistent identifiers to collect data and track their online behavior surreptitiously and without their consent…”