CCPA Enforcement Begins

July 20, 2020
LRN Corporation

The California Consumer Privacy Act took effect in January, with enforcement officially beginning on July 1, despite pushback from some organizations and companies to the law that offers California residents access to, and more control over, personal data collected on them by businesses.

 

Organizations such as the Association of National Advertisers requested a delay to the enforcement date, citing several reasons, including confusion over specifics within the law, and financial and logistical worries related to COVID-19. 

The state responded with numerous updates and clarifications. One of the main requirements of the law-that customers are notified of their rights at or before the point of personal data collection-was recently clarified, according to an article in JD Supra.

Businesses can use their privacy policy as a notice of data collection as long as it meets certain required disclosures. The privacy policy and notice must comply with the Web Content Accessibility Guidelines, which ensure consumers with disabilities can access and understand the notice.  

In addition, service providers now have more flexibility in how they can use, retain, and disclose personal information. Further clarifications allow for service providers to use a subcontractor to improve services, mitigate security risks, and comply with applicable laws. They are under no obligation to give a detailed response to any consumer request, and instead can refer the consumer directly to the business. 

When it comes to consumer requests, the state confirmed businesses are required to verify and respond within specific timeframes. For example, a consumer request to opt out of the sale of their personal information must be fulfilled within 15 days. Companies have to provide at least two methods of submission–not just email–for most types of consumer requests. They need to treat consumer-enabled privacy controls, such as disabling cookies, as a valid request to opt out of the sale of their personal information.

The updates and clarifications may give businesses a bit more leeway as they work quickly to meet the law’s requirements. CCPA enforcement may experience “some bumps in the road,” since the law is the first of its kind in the U.S., according to Adweek. Many businesses have been preparing since the law took effect in January, and have already taken concrete steps to comply.

Media organizations, such as Vox, have already made platform additions for advertisers; others, including Bloomberg, are working on overhauling their previous data strategies. Companies that haven't started making changes to meet CCPA regulations need to work fast to create compliant policies now that enforcement has begun.

Please visit LRN’s resource page for more on CCPA and other data privacy laws and issues.

About the Author

LRN Corporation

Ethics and compliance leader providing tools, education, and advisory services for global companies to inspire principled performance.

More Content by LRN Corporation

Most Recent Posts

Taking Measure of the Moment: The E&C Pulse

Taking Measure of the Moment: The E&C Pulse

COVID-19 has forced organizations to think about their purpose, and how can they fulfill that purpose in a way that meets the moment.

Learn More
Business Groups Oppose White House Order on Diversity Training

Business Groups Oppose White House Order on Diversity Training

The U.S. Chamber of Commerce and more than 150 business and nonprofit groups say the executive order created confusion and undermined workplace equity.

Learn More
Setting a Board Strategy for E&C: The E&C Pulse

Setting a Board Strategy for E&C: The E&C Pulse

For all the talk about E&C, most boardrooms still don’t have a strategy to serve as the foundation for their oversight of the function.

Learn More