Late yesterday evening, the Senate confirmed the nominations of Hester Peirce and Caroline Crenshaw to serve as SEC Commissioners by a voice vote. SEC Chair Jay Clayton and Commissioners Elad Roisman and Allison Lee issued a statement of congratulations and news was first reported in ThinkAdvisor. Commissioner Peirce was first sworn in on January 11, 2018 and her new term will end on June 5, 2025, while Commissioner Crenshaw’s term will end on June 5, 2024.
CPRA: California 2020 Ballot Initiative Means Potential Changes to CCPA
Back in May, I blogged on the Mentor Blog about California’s ballot initiative – the California Privacy Rights Act (CPRA). And, earlier this summer, I also blogged about the release of final CCPA regulations as California’s Attorney General began enforcement of the regulations July 1. Now, as has been widely reported, the CPRA initiative has qualified to be on California ballots in November. This Sidley blog says the initiative has a strong chance of passing and provides an overview of what this might mean:
In the short term, the CPRA will help businesses by preserving through 2022 the employee and business-to-business exemptions that are otherwise scheduled to sunset on December 31, 2020. Some of the potential changes, among others, relate to new duties imposed on businesses that collect personal information and their service providers, new rights for sensitive personal information and expansion of data breach liability to include email addresses with passwords.
The blog notes that the CPRA would create a requirement for annual cybersecurity audits and regular risk assessments for high risk data processors – Businesses whose processing of consumers’ personal information “presents a significant risk to consumers’ privacy or security” would be required to perform annual cybersecurity audits and submit to the new California data protection agency, “on a regular basis,” risk assessments weighing the benefits of processing personal information to the business, the consumer, other stakeholders, and the public, against the potential risks to the consumer.
Presuming the initiative passes, Sidley’s blog suggests company compliance efforts begin soon thereafter – while most of the CPRA would not go into effect until January 2023, obligations of businesses with respect to the personal information covered by the amended CCPA would relate to personal information collected beginning in January 2022.
More on “The Mentor Blog”
We continue to post new items daily on our blog – “The Mentor Blog” – for TheCorporateCounsel.net members. Members can sign up to get that blog pushed out to them via email whenever there is a new entry by simply entering their email address on the left side of that blog. Here are some of the latest entries:
– IPOs: Company-Friendly Directed Share Programs
– Considerations for Mitigating ESG Disclosure Risk
– Main Street Lending Program: Updated Fed Guidance
– Storytelling for Compliance Pros
– Whistleblower Awards: Dodd-Frank Turns 10!
– Lynn Jokela