The California Consumer Privacy Act Regulations (the CCPA Regulations) are in the process of becoming law in California. The CCPA Regulations were intended as a means for the California Attorney General to provide guidance for businesses on how to comply with the complex requirements of the CCPA. The CCPA Regulations address compliance, have created additional compliance obligations, and have also now included an accessibility requirement for various notices which must be provided consumers pursuant to the CCPA for online notices, as well as other forms of notices to consumers.
Understanding Accessibility Guidelines
The CCPA Regulations specifically incorporate by reference the Web Content Accessibility Guidelines, version 2.1 of June 5, 2018, from the World Wide Web Consortium. These guidelines have been developed to provide a framework on how to make websites accessible for those with visual, auditory, physical, speech, cognitive, language, learning, and neurological disabilities.
Background on the CCPA & How We’ve Gotten Here
The California Consumer Privacy Act of 2018 (CCPA) went into effect on January 1, 2020. The final proposed regulations of the California Attorney General were submitted on June 1st of this year to the California Office of Administrative Law (OAL) to become law as the California Consumer Privacy Act Regulations set forth in § 999.300 through § 999.341 of Title 11, Division 1, Chapter 20, of the California Code of Regulations (the CCPA Regulations).
What Do Businesses Need to Do Now?
Any notices that are being prepared as part of a CCPA compliance strategy now need to be provided in multiple formats to address the CCPA Regulations. These include not only an organization’s privacy policies but any other notices to be provided to consumers such as notices of collection, notices related to loyalty programs and notices to opt-out. A very thorough and thoughtful review of all notices and other CCPA compliance documentation should be completed by privacy professionals to properly address the CCPA Regulations. Online notices will further need to be reviewed with IT professionals to address website accessibility.
Moreover, if your company has not yet started a compliance program related to CCPA requirements, now is the time to do so, with any program constructed to address both the CCPA and CCPA Regulations. The CCPA expressly authorizes the Attorney General to start enforcement actions as of July 1, 2020. Keep in mind that in addition to accessibility considerations, the private right of action regarding data breaches under the CCPA is still in effect.
Why Does This Matter For Businesses
- If your CCPA compliance strategy does not include accessibility considerations, it should be updated to address these considerations.
- If you do not have a plan in place to address CCPA requirements and compliance, now is the time to get started.
- Keep in mind that there are already a number of other website accessibility requirements in addition to the CCPA Regulations.
- Any cyber liability insurance policy that may be obtained as a means to address both the CCPA and CCPA Regulations should be reviewed by an experienced cyber insurance coverage prior to binding coverage to confirm that you will actually have the coverage you want and properly address all these requirements.