2023 Updates Flashcards
CPPA
California Privacy Protection Agency
CPPA is responsible for…
Enforcing CPRA and CCPA
Provide Guidance on California Privacy Laws
What should orgs ensure Third party data sharing companies do?
Have privacy practices as strong as the controller.
That they follow standard privacy practices (notice, consent, opt-out.
When do trackers become “business associates” under HIPAA? (4)
On authenticated webpages
Unauthenticated webpages if:
Login/registration collects users info
Pages that address symptoms
Pages used to search for doctors or schedule appointments
Financial Services Modernization act of 1999 aka
GLBA
Drivers Privacy Protection Act (DPPA)
Prevents states from releasing DMV data
Why was DPPA needed?
States were sharing or selling DMV data.
When can DMV data be shared?
Normal operations of DMV matters including research (without PI)
International Chamber of Commerce Advertising, Marketing, Communications code
Self-regulatory framework for marketing communications
International Chamber of Commerce Advertising, Marketing, Communications code helps with
Implementing the framework and disclosing practices
NYC AI Hiring Law requires
Disclosure about usage
Bias audits
Notification to candidates about the use of automated system
States with cookie laws (2)
California (CCPA)
Virginia (VCDPA)
California Age-appropriate Design Code Act goes into effect:
July 1, 2024
CAADCA purpose
Data protection requirements for websites targeted at children
CAADCA requirements
DPIA every 2 years or with new products
Comply with CA AG
Estimate age of child visitors
Privacy settings by default
Privacy notices for children
Notify about tracking
Provide tools to enforce privacy rights