The California Consumer Protection Act ("CCPA") will only come into force on January 2020, although five amendments to the CCPA had been already approved by the Californian legislator and are waiting for the Governor's signature.
The amended Act would clarify the exemption regarding de-identified or aggregated consumer information from the definition of "personal information", and streamline the definition of "publicly available data" to include only information that was lawfully made available from federal, state or local governmental records.
Additionally, in its first year in force, the CCPA will not apply to most employment related information, including personal information from job applicants, employees, business owners, directors, officers, medical staff or contractors, as long as it is collected and used solely within the context of employment. Certain B2B communications will also be exempted from the CCPA during the first year.
Moreover, the existing exemption for compliance with the Fair Credit Reporting Act ("FCRA") will be broadened. Retained information regarding vehicles for the purpose of warranty or recall-related vehicle repairs will be exempted on a permanent basis.
For businesses that operate exclusively online, the amendments also ease requirements regarding information requests. The CCPA requires businesses to provide customers with at least two designated methods for submitting requests for information, including a mandatory toll-free telephone number. The new amendment exempts businesses which operate exclusively online and have a direct relationship with consumers from providing two different means of communications; following this amendment, providing consumers only with an email address would be compliant.
Finally, businesses which collect and sell consumers' personal information to third parties, will be considered as data brokers and be required to register and pay a fee to California's attorney general by January 31 of each year.
The CCPA is set to become one of the most significant data protection legislations in
forget to check out
- a practical guide which
highlights the most important actions to be taken by organizations in order to comply
In any event, please do not hesitate to contact us for advice on the CCPA. We will be happy to assist your organization in performing a gap assessment and understanding the law's nuances in comparison to current privacy practices, including the GDPR.
This update was published as part of our Technology & Regulation monthly client update. To read more about HFN's Technology & Regulation Department, click here.