<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

CPRA is on the Horizon - What's the Ripple Effect?

Data breaches and technology are evolving at such a rapid rate. In the first half of 2020 alone, data breaches significantly increased by 273% compared to 2019, making privacy laws and regulations such as the CCPA paramount in protecting consumer rights. California is leading the way for privacy compliance, as the fifth-largest global economy, the CCPA forces many companies to address privacy compliance.

All Posts

CCPA Regulation Updates - March 2020

On March 11, 2020 the California Attorney General released modifications to the CCPA. This is the second time this year he has released an update, read about the February update here. These are the most impactful changes we've identified:

A business that does not collect personal information directly from a consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information.

The notice at collection of employment-related information is not required to provide a link to the business’s privacy policy. Removed additional options for access to privacy policy since they are no longer required to do so.

Removed: Opt-out button logo requirement
CCPA Opt-Out of Sale Button - Do Not Sell My Personal Information
A business must identify the categories of sources from which personal information is collected. The categories shall be described in a manner that provides consumers a meaningful understanding of the information being collected. Identify the business or commercial purpose for collecting or selling personal information. The purpose shall be described in a manner that provides consumers a meaningful understanding of why the information is collected or sold.

If the business has actual knowledge that it sells the personal information of minors under 16 years of age, a description of the processes required by sections 999.330 and 999.331.

The business shall inform the consumer with sufficient particularity that it has collected the type of information. For example, a business shall respond that it collects “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.

If a business that denies a consumer’s request to delete sells personal information and the consumer has not already made a request to opt-out, the business shall ask the consumer if they would like to opt out of the sale of their personal information and shall include either the contents of, or a link to, the notice of right to opt-out in accordance with section 999.306.

A service provider shall not retain, use, or disclose personal information obtained in the course of providing services except: (1) To process or maintain personal information on behalf of the business that provided the personal information, or that directed the service provider to collect the personal information, and in compliance with the written contract for services required by the CCPA.

A business shall not require the consumer or the consumer’s authorized agent to pay a fee for the verification of their request to know or request to delete.

Read the full text here.

Watch our on-demand webinar from February on this topic here.

Truyo
About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

CPRA is on the Horizon - What's the Ripple Effect?

Data breaches and technology are evolving at such a rapid rate. In the first half of 2020 alone, data breaches significantly increased by 273% compare...

What is Privacy Automation?

Privacy laws and regulations have transformed the relationship between businesses and the personal data they collect from consumers. The CCPA grants p...

QuikSense powered by Truyo Meets FDA Certification Compliance

QuikSense, powered by Truyo, is certified to comply with the FDA’s IEC 80601-2-59-2017 specification, making this a cost-effective and reliable wellne...

California Legislature Further Delays B2B & Employee Privacy Rights

On August 31, 2020, the California Legislature passed Assembly Bill 1281, extending the business-to-business and employee partial moratoria also refer...