<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Could CCPA Enforcement Be Delayed?

As the proposed amendment California Privacy Rights Act (CPRA) teeters on the edge of uncertainty, so could the enforcement date for the California Consumer Privacy Act (CCPA). The California attorney general has previously stated that the enforcement date for the CCPA will begin July 1, 2020, leaving many businesses rushing to ensure they meet CCPA compliance to avoid potential fines. However, the attorney general's draft for the proposed enforcement regulation needs to be submitted to the state Office of Administrative Law (OAL) for review along with the State Administrative Procedures Act to enforce such regulations.

All Posts

CCPA Regulation Updates - March 2020

On March 11, 2020 the California Attorney General released modifications to the CCPA. This is the second time this year he has released an update, read about the February update here. These are the most impactful changes we've identified:

A business that does not collect personal information directly from a consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information.

The notice at collection of employment-related information is not required to provide a link to the business’s privacy policy. Removed additional options for access to privacy policy since they are no longer required to do so.

Removed: Opt-out button logo requirement
CCPA Opt-Out of Sale Button - Do Not Sell My Personal Information
A business must identify the categories of sources from which personal information is collected. The categories shall be described in a manner that provides consumers a meaningful understanding of the information being collected. Identify the business or commercial purpose for collecting or selling personal information. The purpose shall be described in a manner that provides consumers a meaningful understanding of why the information is collected or sold.

If the business has actual knowledge that it sells the personal information of minors under 16 years of age, a description of the processes required by sections 999.330 and 999.331.

The business shall inform the consumer with sufficient particularity that it has collected the type of information. For example, a business shall respond that it collects “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.

If a business that denies a consumer’s request to delete sells personal information and the consumer has not already made a request to opt-out, the business shall ask the consumer if they would like to opt out of the sale of their personal information and shall include either the contents of, or a link to, the notice of right to opt-out in accordance with section 999.306.

A service provider shall not retain, use, or disclose personal information obtained in the course of providing services except: (1) To process or maintain personal information on behalf of the business that provided the personal information, or that directed the service provider to collect the personal information, and in compliance with the written contract for services required by the CCPA.

A business shall not require the consumer or the consumer’s authorized agent to pay a fee for the verification of their request to know or request to delete.

Read the full text here.

Watch our on-demand webinar from February on this topic here.

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

Could CCPA Enforcement Be Delayed?

As the proposed amendment California Privacy Rights Act (CPRA) teeters on the edge of uncertainty, so could the enforcement date for the California Co...

Truyo Introduces Nationwide Virtual Privacy Leaders Circle

Truyo adds a fresh perspective to virtual events, with the launch of the Privacy Leaders Circle. This new nationwide network will bring privacy decisi...

CCPA 2.0/CPRA (California Privacy Rights Act) – Teetering On the Edge

Despite missing the April 21, 2020 target date, the advocacy group, Californians for Consumer Privacy, is still moving forward with their attempt to q...

Did Mactaggart fail to submit signatures for the CPRA?

Did Mactaggart fail to submit signatures in time for the California Privacy Rights Act (“CPRA”) to be on the ballot for the November 3rd election? It ...