Recent Developments to the California Consumer Privacy Act: How They Impact Your Organization’s Compliance Efforts

Clark Hill PLC

As the California Consumer Privacy Act’s (CCPA) January 1, 2020 compliance deadline rapidly approaches, businesses need to assess what actions are necessary in light of recent developments.  Below is a highlight of several amendments to the CCPA and existing data privacy laws.

  • Employee data is exempted from a consumer’s right to access, deletion, and opt-out, under the CCPA until January 1, 2021. This includes personal information about employees, job applicants, owners, directors, staff, officers, and contractors that are utilized solely in the context of those roles.  Businesses still need to provide employees with appropriate notices about their personal data.
  • Personal information under the CCPA does not include “publicly available information” as well as de-identified or aggregate information, limiting the scope for key data on which businesses may rely.
  • Biometric information and many government-issued identifiers are now added to the definition of personal information under the breach notification law.
  • Consumers cannot opt-out of some vehicle-related information between a motor vehicle dealer and vehicle manufacturer for purpose of vehicle repair covered by a warranty or recall.
  • “Data brokers” need to register with the California Attorney General.  A “data broker” is a business that “knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”
  • The CCPA now has a more limited application to business-to-business (B2B) communications by exempting personal information bearing on some aspects of a consumer’s credit, character, reputation, characteristics and communication between the business and consumer for purposes of due diligence or providing or receiving a product or service.

In addition to these amendments, the California Attorney General recently released draft regulations to provide clarity and guidance regarding enforcement of the CCPA.  The draft regulations set forth guidance regarding the notices businesses should provide to consumers under the CCPA including additional categories of data in businesses’ online privacy notices that were not previously specified in the CCPA.  Other provisions in the Attorney General’s draft regulations addressed businesses’ practices for handling consumer requests, businesses’ practices for handling the personal information of minors, and businesses’ financial incentives offered to consumers.

These draft regulations are open for public comment, with public hearings going on this week from December 2-5, 2019.  We will update you with further information as we receive them following these hearings.

Once the final regulations are adopted, they are intended to “implement, interpret and make specific” the provisions of the CCPA, pursuant to the Attorney General’s rulemaking authority under the CCPA.

As organizations prepare for CCPA compliance, businesses should consult with knowledgeable privacy counsel to evaluate whether and how these changes apply to your organization, and what appropriate steps are needed to comply with the CCPA.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Clark Hill PLC | Attorney Advertising

Written by:

Clark Hill PLC

Clark Hill PLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.