CA AG Issues Second Set of Modified Proposed CCPA Regulations

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC

The California Attorney General (AG) recently published a second set of modified proposed California Consumer Privacy Act (CCPA) regulations.  Comments on the second set of modified proposed regulations must be submitted by or before 5:00 PM on March 27, 2020.

The AG released the first set of modified proposed regulations on February 10, 2020.  The second set of modified proposed regulations reflect the public comments that the AG received in response to the first set of modified proposed regulations.

Notices to Consumers

Changes to the first set of modified proposed regulations regarding the required notices to consumers include, in part, the following:

  • A business does not need to provide a notice at collection to the consumer if the business does not collect personal information (PI) directly from the consumer and does not sell the consumer’s PI.
  • The new proposed regulations no longer provide a model opt-out button or logo.
  • Although a business collecting employment-related information must generally comply with the notice at the point of collection requirements, the notice at collection of employment-related information does not need to include a link to the business’s privacy policy.
  • The new proposed regulations also clarify some of the information that must be included in a business’s privacy policy.

Business Practices for Handling Consumer Requests and Non-Discrimination

Changes to the first set of modified proposed regulations regarding how businesses must handle consumers’ requests and the CCPA’s non-discrimination provisions include, in part, the following:

  • The new proposed regulations provide that a service provider must not retain, use, or disclose PI obtained in the course of providing services except, in part, to process or maintain PI on behalf of the business that provided the PI, or that directed the service provider to collect the PI, and in compliance with the written contract for services required by the CCPA.
  • Although a business is prohibited from disclosing certain specified PI in response to a request to know (e.g., a consumer’s Social Security number, government-issued identification number, financial account number, or unique biometric data generated from measurements), the business must still describe to the consumer, with sufficient particularity, the type of information that it has collected.
  • The new proposed regulations clarify that a price or service difference that is the direct result of compliance with state law is not considered discriminatory.

Additionally, the new proposed regulations amend certain definitions and remove guidance included in the first set of modified proposed regulations regarding the interpretation of “personal information,” as that term is defined in the CCPA.

WBK covered the AG’s original proposed CCPA regulations here and the first set of modified proposed regulations here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Weiner Brodsky Kider PC | Attorney Advertising

Written by:

Weiner Brodsky Kider PC

Weiner Brodsky Kider PC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.