Is it possible for data that has undergone hashing to still be considered “personal information?”

Is a service provider permitted to disclose personal information if it receives a civil subpoena or a discovery request?

Can a service provider use and transfer personal information if they anonymize or aggregate it?

If a company receives a data access request from an employee, will it have to share with them performance reviews and other notes and comments in their HR file that implicate other employees?

If a company experiences a data security breach, and receives a “Right to be Forgotten” request from a data subject whose information was involved, does the company have to delete the information that they have about the individual?

Can a company decide whether to deidentify information or delete information if it receives a ‘right to be forgotten’ request?

Did California Declare War on Attorney Client Privilege? How the CCPA Impacts Privilege Protections