<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

CCPA Enforcement is Here: What's your plan for compliance?

Businesses have endured many challenges amid the COVID-19 pandemic and they have voiced their concerns loud and clear around the enforcement phase of the California Consumer Privacy Act (CCPA). However, one thing remains clear, the California Attorney General has consistently reaffirmed his intention to begin enforcing regulations under the CCPA on July 1, 2020 and CCPA is now enforceable!

All Posts

CCPA Regulation Updates - March 2020

On March 11, 2020 the California Attorney General released modifications to the CCPA. This is the second time this year he has released an update, read about the February update here. These are the most impactful changes we've identified:

A business that does not collect personal information directly from a consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information.

The notice at collection of employment-related information is not required to provide a link to the business’s privacy policy. Removed additional options for access to privacy policy since they are no longer required to do so.

Removed: Opt-out button logo requirement
CCPA Opt-Out of Sale Button - Do Not Sell My Personal Information
A business must identify the categories of sources from which personal information is collected. The categories shall be described in a manner that provides consumers a meaningful understanding of the information being collected. Identify the business or commercial purpose for collecting or selling personal information. The purpose shall be described in a manner that provides consumers a meaningful understanding of why the information is collected or sold.

If the business has actual knowledge that it sells the personal information of minors under 16 years of age, a description of the processes required by sections 999.330 and 999.331.

The business shall inform the consumer with sufficient particularity that it has collected the type of information. For example, a business shall respond that it collects “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.

If a business that denies a consumer’s request to delete sells personal information and the consumer has not already made a request to opt-out, the business shall ask the consumer if they would like to opt out of the sale of their personal information and shall include either the contents of, or a link to, the notice of right to opt-out in accordance with section 999.306.

A service provider shall not retain, use, or disclose personal information obtained in the course of providing services except: (1) To process or maintain personal information on behalf of the business that provided the personal information, or that directed the service provider to collect the personal information, and in compliance with the written contract for services required by the CCPA.

A business shall not require the consumer or the consumer’s authorized agent to pay a fee for the verification of their request to know or request to delete.

Read the full text here.

Watch our on-demand webinar from February on this topic here.

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

CCPA Enforcement is Here: What's your plan for compliance?

Businesses have endured many challenges amid the COVID-19 pandemic and they have voiced their concerns loud and clear around the enforcement phase of ...

Breaking News: The CPRA (CCPA 2.0) Makes the November Ballot

The California Privacy Rights Act (CPRA) officially makes the November ballot for the 2020 elections. After the Californians for Consumer Privacy advo...

CPRA is Inches Away from the November Ballot

The California Privacy Rights Act (CPRA) inches closer and closer to the November 2020 ballot. With the number of signatures being verified, Los Angel...

Get Back to Business with Janus. Privacy First.

As the world tries to adjust to this "new normal," many are wondering how businesses will resume a normal or phased approach to re-opening. With stric...