In the run-up to January 1, 2020, the California legislature and Attorney General are rushing to provide clarity to the California Consumer Privacy Act of 2018 (CCPA)—and businesses are rushing to interpret and implement these new changes and guidelines.
With less than two months to go, we wanted to provide an additional overview and analysis of the key amendments the California legislature passed, in addition to our analysis of the draft California Attorney General Proposed Regulations.
On October 11, 2019, the Governor signed seven assembly bills, five of which amend the CCPA and two of which have indirect effects on the CCPA. In these bills lie: (a) limited reprieves from the January 1, 2020 deadline; (b) further clarity on what businesses must do to verify or authenticate a consumer request; and (c) further requirements on what businesses must include in their privacy notices—and what they can exclude.
A Quick CCPA Refresher
At a high level, the CCPA provides California consumers the following rights:
The CCPA applies to all for-profit businesses that do business in California, whether located in California or not, and meet any of the following conditions: a) have annual gross revenues in excess of $25 million or more; b) collect, sell or share for commercial purposes the personal information of at least 50,000 consumers, households or devices; or c) derive at least 50 percent of its annual revenues from selling consumers’ personal information.
The October 2019 CCPA Amendments
The amendments have added some additional clarity to the CCPA and afforded businesses some temporary relief.
The key is: businesses that offer variable pricing, premiums or coverage have to make sure that those differences are made for the right reasons, and not for the wrong reasons. To the list of wrong reasons, the CCPA now adds consumer choices with respect to their personal information.