CCPA: What Is It, And How Can You Comply?

2 CCPA: What Is It, And How Can You Comply?
Background – An overview of the CCPA
Fundamentals – Identifying the CCPA’s scope and getting started with your CCPA compliance plan
Transparency – Providing specific notices to consumers
Consumer Control – Responding to consumer requests to access, delete, and opt out of the sale of their data
Enforcement – The California Attorney General’s enforcement power and the CCPA’s private right of action
Appendices – (A) Key CCPA Terms & Definitions; (B) Comparing the CCPA & GDPR

3 Background

4 Key Themes
Transparency: Inform consumers about the types of information you collect, sell, or disclose about them, who you share it with, and their rights under the CCPA.
Consumer Control: Provide consumers with an opportunity to exercise certain rights pertaining to their data. Establish policies and procedures for allowing consumers to opt out of the sale of their data.
Enforcement: The CCPA will be enforced by the California Attorney General, who will also promulgate rules. Civil suits (including class actions) are allowed for violations of data security requirements.

5 A Brief History of the CCPA
Background. Advocacy groups led efforts for a California state ballot initiative, inspired in part by:
- GDPR
- Lack of a comprehensive U.S. federal privacy law
- Worries about “big tech” data collection and use practices
- Cambridge Analytica – 87 million users affected
- Concern over data analytics influence in politics
- Third-party market for personal data
Negotiations with Industry & Legislature. Advocates agreed to withdraw the ballot initiative if a reasonable privacy bill was enacted in time.
Result. The California Consumer Privacy Act (AB 375) came together quickly and unanimously in June 2018. The law contained drafting errors, and in September 2018 a “clean up” bill (SB 1121) was passed. More amendments to come?

6 Fundamentals

7 Who Needs to Comply?
The CCPA applies to businesses that collect personal information about California residents, do business in California, and meet one of the following criteria:
- Annual gross revenue in excess of $25 million.
- Annually buys, receives, sells, or shares for commercial purposes the personal information of 50,000 or more consumers, households, or devices.
- Derives 50% or more of annual revenues from selling consumers’ personal information.
It also applies to an entity that controls, and has common branding with, a business that meets the criteria above.
Compliance Tip: Consider how the business will approach the territorial/jurisdictional issues presented in CCPA compliance. Will you treat all data nationwide (or worldwide) the same, or attempt to separate out data from California consumers? How will this approach work in conjunction with (existing or future) state laws? With the GDPR? What additional technical and organizational measures are needed for your desired approach?

8 Types of Data Covered by the CCPA
Personal Information. The definition of “personal information” is exceptionally broad, so businesses will need to comply with the law’s numerous obligations and restrictions for an unprecedented amount of information. “Personal Information” includes some information you might expect (e.g., SSN, driver’s license number, biometric information, and geolocation data), and some you might not, such as information linked to households. For the complete definition of personal information, see Appendix A.
Data Inventory. A data inventory will be key to compliance:
- Identify what personal information the business collects, from what sources, how it is used, with whom it is shared, and for what reasons.
- Determine how the data is stored (anonymized? pseudonymized? de-identified?) and whether it can be associated with an individual or household.
- For each piece of data, identify the purposes for which it is used, noting when data is used for a “business purpose” or another designated exception under the CCPA.
Compliance Tip: Businesses that recently underwent GDPR compliance measures can use previous data mapping experience as a starting point in their CCPA compliance process. But keep in mind that the results will not be exactly the same. For more information on the differences between the CCPA & GDPR, see Appendix B.

9 Types of Business Activities Regulated by the CCPA
What’s a “Sale”? Many requirements of the CCPA flow from whether you “sell” consumer personal information. The CCPA’s definition of “sale” is broad, counterintuitive, and may have an unexpected effect on business activities. A defining factor is that “sales” are transfers of data to third parties in exchange for monetary or other valuable consideration. Some activities are not considered a “sale,” such as disclosures that are necessary for a business purpose, or are completed at the direction of the consumer. For a complete list of exceptions, see Appendix A.
Data Sharing Inventory. A data sharing inventory provides a complete picture of how you share personal information:
- Identify the third parties with which the business shares consumer information, and for what purposes.
- Evaluate data sharing practices and determine which disclosures the business considers to be a “sale” under the CCPA.
- Review agreements, if any, with third parties to determine whether there are any limits imposed on their use of data provided to them, and whether any revisions are necessary to ensure the business can direct the third party to delete consumer information upon request.
Compliance Tip: Consider developing CCPA template data sharing agreements, similar to the controller/processor agreements required under the GDPR.

10 Scenarios: What is a “Sale”?
Scenario 1: A business shares consumer credit card information with a third-party payment processor in order to complete a transaction requested by the consumer.
Scenario 2: A business uploads customer lists to a free service that will target ads to those customers on behalf of the business.
Scenario 3: A business allows third parties to place cookies on its website in order to deliver targeted advertising to website visitors.

11 Transparency

12 Transparency
Review & Update Privacy Notices. The CCPA requires that specific notices be provided to consumers at or before the point of data collection. Be sure to review and update privacy policies and other consumer notices to include:
- The categories of personal information collected, disclosed, or “sold.”
- The business purposes for using that information.
- A description of consumer rights under the act (e.g., opt-out, deletion, access, portability).
Specific Link. Provide a clear and conspicuous “Do Not Sell My Personal Information” link on the “homepage” that directs consumers to an opt-out mechanism. Note that a “homepage” means any webpage that collects personal information from consumers, or an app download page or settings feature.
Compliance Tip: Determine what technical and organizational measures are needed to activate the link and ensure opt-outs are recognized and honored.

13 Consumer Control

14 Consumer Control: Policies & Procedures
Develop and adopt policies and procedures to receive and respond to consumer requests to access and delete their information, and to opt out of the “sale” of their information. This will require technical and administrative efforts across departments, including:
- Identifying who is in charge of responding to questions about the business’ data.
- Designating methods for consumers to make these requests, which should include, at a minimum, a toll-free number and a website function.
- Developing internal guidance for assessing whether a consumer request is “valid,” and for identifying whether a third party submitting requests on behalf of a consumer is authorized to do so.
- Determining how the business will match the data with the consumer making the request.
- Defining the appropriate scope for responses; requests are not limited to specific databases or services.
- Ensuring all individuals responsible for handling consumer inquiries are informed of the CCPA’s requirements.

15 Consumer Control: Access
Businesses that collect personal information must provide:
- The categories and specific pieces of personal information the business has collected about that consumer.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom the business shares personal information.
Businesses are not required to retain or re-identify personal information beyond what they would do in the ordinary course of business.
Businesses that sell or disclose personal information for a business purpose must provide:
- The categories of personal information that the business collected about the consumer.
- The categories of personal information sold.
- The categories of third parties to whom the personal information was sold.
- The categories of personal information that the business disclosed about the consumer for a business purpose.

16 Consumer Control: Deletion
Your company should have defined policies and procedures for responding to requests to delete information.
- Upon a verifiable consumer request, delete the consumer’s personal information from your records (regardless of the source of such information), unless an exception applies, e.g., the information is needed for uses reasonably anticipated in the context of the business relationship, to detect security issues, or for other similar reasons.
- Also direct any third-party service providers to delete the consumer’s personal information from their records.
Compliance Tip: Establish standards to determine whether the business continues to need the data such that it is not required to be deleted (e.g., for internal uses reasonably aligned with the consumer’s expectations, to detect security issues, or for compliance or enforcement reasons).
Compliance Tip: Review vendor agreements (if any) to determine whether any updates are needed to ensure the ability to request data deletion.

17 Consumer Control: Portability
Establish procedures for disclosing and delivering consumers’ data to them.
- To the extent technically feasible, provide the data in a “readily useable format” (e.g., PDF) that allows the consumer to transmit the data to another entity.
- Data must generally be provided free of charge, though if requests are manifestly unfounded, excessive, or repetitive, a business may either charge a reasonable fee or refuse to act on the request.
- Disclosures shall cover the 12-month period preceding the request, and must be provided up to twice in a 12-month period.
- Respond within 45 days of a request, though the 45-day window can be extended when reasonably necessary, with notice to the consumer.
Compliance Tip: Determine how the business will decide whether a request is a “verifiable consumer request.”

18 Consumer Control: Opt-Outs
Your company should have defined policies and procedures for allowing consumers to opt out of the “sale” of personal information.
- Provide consumers with notice and an opportunity to opt out prior to any “sale” of personal information.
- Honor consumer opt-out choices; wait 12 months after an opt-out request before asking the consumer to authorize a sale again.
Children’s Data. Do not sell the personal information of consumers younger than 16, unless the consumer, or a parent or guardian (if the consumer is younger than 13), has affirmatively authorized the sale. Businesses that willfully disregard a consumer’s age shall be deemed to have had actual knowledge of that age.
Compliance Tip: Identify what business activities will be impacted by restrictions on “sales,” and what changes to current practices need to occur to accommodate these requests.
Compliance Tip: Evaluate how the company currently handles children’s data, and determine whether the CCPA will require different technical or organizational processes than those you already have in place for compliance with COPPA or the GDPR.

19 Incentive Programs
Evaluate any financial incentive programs your company offers.
- If your business offers or plans to offer different rates or services based on whether a consumer requests to opt out of data sharing or exercises another choice under the CCPA, ensure any differences are correlated to the value of the data. Consider programs like frequent flyer or rewards programs.
- Provide consumers with a clear description of the terms of any financial incentive program, and a revocable opportunity to opt in to the program.
- Do not discriminate (e.g., charge different prices, provide a different level/quality of services) based on consumers exercising rights under the CCPA.
Compliance Tip: Develop a method to measure the value of the data to the consumer, and ensure incentives are directly related to that value. This may prove to be a tricky calculation, so be sure to document the evaluation process.

20 Enforcement

21 Enforcement: Attorney General
The California Attorney General (CA AG) is the primary enforcer of the CCPA, but may not enforce the CCPA until six months after it promulgates rules, or July 1, 2020, whichever is sooner.
- Businesses may seek the opinion of the AG for guidance.
- Businesses have 30 days to cure any violations, once notified.
- Violations of the Act result in civil penalties of up to $2,500 for each violation or $7,500 for each intentional violation.
- The CA AG is also empowered to update, as needed, the categories of information covered and the monetary threshold for a “business.”
The CA AG is required to promulgate rules by July 1, 2020 that:
- Establish any exceptions necessary to comply with state or federal law, including IP rights.
- Establish rules and procedures for opt-out requests.
- Establish rules and procedures for notices and financial incentives.
- Establish rules and procedures for determining whether a request for information received is a “verifiable consumer request.”

22 Enforcement: Information Security
Private Right of Action. Consumers can seek statutory or actual damages if their personal information (as defined in California’s existing data breach notification law, not the CCPA) is subject to a data breach that occurs as a result of a business’s failure to implement and maintain reasonable security procedures.
- Once put on notice, businesses have 30 days to cure.
- Plaintiffs may recover damages of between $100 and $750 per incident, injunctive or declaratory relief, or actual damages.
- Amendments have been proposed to broaden the private right of action to other violations of the Act.
Reasonable Security Practices. Security procedures and practices should be appropriate to the nature of the information under the business’ control. This is good business practice, and may help reduce the risk of liability in the event of a lawsuit resulting from a breach of personal data. Assess the current state of data protection, and identify any updates that are needed.
Compliance Tip: What is considered a “reasonable” security practice will depend on the business and the data at issue, but may generally include:
- A written data security policy
- Access controls
- Regular audits
- Technical controls
- Physical access controls
- An incident response policy
- A disaster recovery plan

23 Accountability & Flexibility
Implement accountability measures.
- Identify who at your organization will “own” CCPA compliance.
- Educate executives on the company’s obligations under the CCPA, including any funding or resources necessary to maintain a robust compliance program.
- Ensure that all individuals responsible for handling consumer inquiries about the business’ privacy practices or CCPA compliance are trained on those topics.
- Ensure that all internal practices match external policies.
- Log consumer requests and document your CCPA compliance measures.
Be prepared to adapt. The CCPA is a moving target. As you craft your business’ CCPA compliance plan, leave room to be flexible.
- Before the CCPA goes into effect on January 1, 2020, it may see additional amendments.
- The California AG’s rulemaking may impact certain provisions of the law.
- After it goes into effect, enforcement actions may provide further guidance for compliance with the CCPA’s numerous ambiguous provisions.
Compliance Tip: Monitor changes/updates to the CCPA. Stay tuned to the Willkie Compliance Concourse for recent developments and up-to-date analysis of the CCPA.

24 Thank You!
Cybersecurity & Privacy
Daniel K. Alvarez, Partner (Washington, DC). Daniel K. Alvarez is a partner in Willkie’s Communications & Media Department and Cybersecurity & Privacy Practice Group. Daniel brings an extensive background in technology and regulatory issues to counseling a broad range of clients in diverse industries on privacy and cybersecurity issues, including financial and healthcare privacy, regulation of marketing and advertising practices, international data transfer, children’s privacy, and other privacy and cybersecurity matters regulated by the FTC, FCC, SEC, and other state and federal agencies.
Jill Guidera Brown, Associate (Washington, DC). Jill Guidera Brown is an associate in Willkie’s Communications & Media Department and Cybersecurity & Privacy Practice Group. Jill counsels clients on a wide range of topics, including developing compliance strategies for federal, state, and international data protection laws, identifying privacy and cybersecurity risk in M&A transactions, international data transfers, and data breach response.

25 Appendices

26 Appendix A: Key CCPA Terms & Definitions

27 CCPA: Key Terms
“Business Purpose”: The use of personal information for the business’s or a service provider’s operational purposes, or other notified purposes, provided that the use of personal information shall be reasonably necessary and proportionate to achieve the operational purpose for which the personal information was collected or processed, or for another operational purpose that is compatible with the context in which the personal information was collected. Business purposes are:
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, provided the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.

28 CCPA: Key Terms
“Collects”: Buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a consumer by any means. This includes receiving information from the consumer, either actively or passively, or by observing the consumer’s behavior.
“Consumer”: A natural person who is a California resident (under CA law) however identified, including by any unique identifier.
“Deidentified”: Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business that uses deidentified information:
- Has implemented technical safeguards that prohibit reidentification of the consumer to whom the information may pertain.
- Has implemented business processes that specifically prohibit reidentification of the information.
- Has implemented business processes to prevent inadvertent release of deidentified information.
- Makes no attempt to reidentify the information.

29 CCPA: Key Terms
“Personal Information”: Information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
- Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
- Any categories of personal information described in subdivision (e) of Section
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Biometric information.
- Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information, defined as information that is not publicly available personally identifiable information as defined in FERPA.
- Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
“Personal information” does not include publicly available information.

30 CCPA: Key Terms
“Sell,” “selling,” “sale,” or “sold”: Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information to a third party for monetary or other valuable consideration. Some activities are not considered a “sale”:
- Business purpose. The business uses or shares the information in a way that is necessary to perform a business purpose, if: (1) the business provides proper notice that information is being used and shared; and (2) the third party’s collection, sale, or use of the personal information is limited to what is necessary to perform the business purpose.
- Consumer direction. A consumer directs the business to disclose, or intends to interact with the third party, via one or more deliberate interactions.
- Updating opt-out preferences. The information is shared in order to inform a third party that the consumer has opted out of the sale of their personal information.
- Transactions. The information is transferred as part of a business transaction, with notice provided to the consumer if the new owner will materially alter how data is shared.
“Service Provider”: A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract prohibits the entity receiving the information from retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract for the business, or as otherwise permitted by this title, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the services specified in the contract.

31 CCPA: Key Terms
“Third Party”: A person who is not any of the following:
- The business that collects personal information from consumers under this title.
- A person to whom the business discloses a consumer’s personal information for a business purpose pursuant to a written contract, provided that the contract:
  (A) Prohibits the person receiving the personal information from: selling the personal information; retaining, using, or disclosing the personal information for any purpose other than for the specific purpose of performing the services specified in the contract, including retaining, using, or disclosing the personal information for a commercial purpose other than providing the services specified in the contract; and retaining, using, or disclosing the information outside of the direct business relationship between the person and the business.
  (B) Includes a certification made by the person receiving the personal information that the person understands the restrictions in subparagraph (A) and will comply with them.
A person covered by this paragraph that violates any of the restrictions set forth in this title shall be liable for the violations. A business that discloses personal information to a person covered by this paragraph in compliance with this paragraph shall not be liable under this title if the person receiving the personal information uses it in violation of the restrictions set forth in this title, provided that, at the time of disclosing the personal information, the business does not have actual knowledge, or reason to believe, that the person intends to commit such a violation.

32 CCPA: Key Terms
“Unique Identifier”: A persistent identifier that can be used to recognize a consumer or household over time and across different services. Potentially includes a device ID, IP address, tracking technologies like cookies, beacons, pixel tags, or mobile ad identifiers, customer number, unique pseudonym, or user alias, telephone numbers, or other forms of persistent or probabilistic identifiers.
“Verifiable Consumer Request”: A request that is made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a natural person or a person registered with the Secretary of State, authorized by the consumer to act on the consumer’s behalf. The Attorney General is to adopt rules guiding verification. A business is not obligated to provide information to the consumer if the business cannot verify that the consumer making the request is the consumer about whom the business has collected information or is a person authorized by the consumer to act on such consumer’s behalf.

33 Appendix B: Comparing the CCPA & GDPR

34 GDPR & CCPA – Similar, But Not The Same
The GDPR and CCPA are similar in many respects, but subtle differences in key provisions highlight the compliance challenge.
Covered Information?
- GDPR: Information relating to an identified or identifiable natural person.
- CCPA: PI includes information capable of being associated with an individual or a household, and certain inferences drawn from the information.
Scope?
- GDPR: Entities established in the EU, and non-EU companies that process data of individuals located in the EU and offer goods & services targeted toward the EU.
- CCPA: Businesses that meet certain thresholds related to handling CA residents’ personal information, regardless of where the business or the consumer is located.
Lawful Bases?
- GDPR: Before data is collected and processed, the controller must identify a lawful basis for processing.
- CCPA: No limits on collection and processing, save for the “opt-out” requirement for any “sale” of PI.

35 Distinctions: Notice, Consent, and Sharing
Notices?
- GDPR: Controllers must provide certain information at the time data is obtained in "a concise, transparent, intelligible and easily accessible form, using clear and plain language."
- CCPA: Businesses must provide notice with certain information regarding data collection and use at or before the point of collection. Businesses that “sell” PI must include a “Do Not Sell My Personal Information” link for consumers to easily opt out.
Consent?
- GDPR: If consent is the lawful basis for processing, it must be freely given, specific, informed, and unambiguous.
- CCPA: Only applies to the “sale” of information; must give consumers the right to opt out (or opt in if the sale involves sensitive information).
Sharing With Vendors?
- GDPR: Applies to personal data regardless of the entity doing the processing. Requires data processing contracts that must include, among other things, the controller’s right to (1) object to the processor's use of sub-processors and (2) audit and inspect the processor's infrastructure.
- CCPA: PI can be shared with service providers if: the sharing is necessary to perform a “business purpose”; the business has provided notice that the information is being used or shared; and the service provider does not further collect, sell, or use the PI except as necessary to perform the business purpose.

36 Distinctions: Consumer Rights
Access?
- GDPR: Data subjects may obtain access to certain information pertaining to their data, including the categories of information processed, and the recipients or categories of recipients to whom the data is disclosed.
- CCPA: The right to access under the CCPA is similar to the GDPR. Upon a verifiable consumer request, businesses must disclose the categories of personal information and the purposes for which it shall be used.
Deletion?
- GDPR: Right to erasure of personal data if certain criteria are met, such as if the data is no longer needed for the purposes for which it was collected and there is no overriding interest.
- CCPA: Only pertains to data collected by the business from the consumer. Limited exceptions to deletion, such as if the data is necessary to complete a transaction or comply with legal process. Must also direct service providers to delete the data from their records.
Portability?
- GDPR: Right to receive the personal data that was provided by the subject to the controller, in a structured, commonly used and machine-readable format. Must be able to transmit those data to another controller without hindrance.
- CCPA: Applies to any PI collected by the business. To the extent technically feasible, data must be provided in a readily useable format that can be transmitted to another entity without hindrance. A consumer may obtain their data no more than twice in a 12-month period.
Restrict processing?
- GDPR: General right to restrict processing if certain criteria are met, such as if the data is no longer needed or if the processing is unlawful.
- CCPA: Restriction rights are limited to the right to opt out of the “sale” of PI.
