The comment period has closed on the third round of proposed changes to the California Consumer Protection Act ("CCPA"), which were announced October 12, 2020, by the California Office of the Attorney General. There are a number of disputes regarding how the proposed revisions will impact a California consumer, but a number of the proposed revisions appear to address the manner in which a consumer may engage in the opt-out collection process.
The Office of the AG will evaluate the comments and send the proposed regulations for approval by the state’s Office of Administrative Law. The changes, scheduled to take effect on January 1, 2021, will apply to all businesses that satisfy the threshold CCPA requirements. The threshold question is whether the business conducts operations in the State of California and:
- has a gross annual revenue of over $25 million worldwide;
- buys, receives or sells personal information of more than 50,000 California residents, households, or devices; or
- derives 50% or more of its annual revenue from selling California consumer personal information.
“The current CCPA language allows for a business to create or implement its own opt-out process or language", said Rachel C. Edwards, Esq., an attorney with Jacko Law Group. “There are a number of very confusing terms that a consumer may not reasonably understand. From our review, the proposed changes now require businesses to use ‘non-confusing’ language.”
The New California Privacy Rights Act to Bring More Change
The underlying confusion that has surrounded the state’s new data privacy laws, however, may linger for some time. As of the drafting of this blog, California voters have approved Proposition 24 – the California Privacy Rights Act (“CPRA”), which is thought to provide California consumers with certain privacy rights and that creates the California Privacy Protection Agency (“CPPA”) that may enforce and implement California privacy laws.
“Since the CCPA is still being revised and updated by the California Legislature, it is unlikely that the CPRA will dispense of the CCPA,” Edwards said. “Rather, approval of the CPRA may result in the underlying concepts being incorporated into the next round of CCPA revisions. As changes continue to occur, and because these two concepts are very similar, it’s important that businesses clearly understand the distinctions between the CCPA and CPRA.”
Edwards cites two possible areas the CPRA may have an impact on the current version of the CCPA once the CPRA becomes law on January 1, 2023. One area of discussion is that the CPRA could restrict who is required to comply with the consumer protections detailed in the CPRA. Specifically, it is thought that the CPRA may limit the definition of what is considered a “business” and may exclude a number of smaller businesses that are now covered by the CCPA. The second area of discussion with the CPRA is a new right for consumers to make corrections to the collected material.
“The CPRA may grant consumers a right to request that a business correct inaccurate personal information maintained by the business about the consumer, taking into account the nature of the personal information and the purposes of collecting the personal information,” Edwards said.
Mitigate the Risk of Data Privacy
If you’re concerned whether your business is prepared for the next wave of changes coming to California’s data and consumer privacy laws, you’re not alone. Let the experienced team at Jacko Law Group assess your readiness and address the need for any updates to your data and consumer privacy protection policies. Contact us at 619.298.2880 or firstname.lastname@example.org to schedule a strategy session that can help your business remain compliant with California’s evolving data and consumer protection laws.
- Managing Partner and CEO
Michelle L. Jacko, Esq. is the Managing Partner and CEO of Jacko Law Group, PC, which offers securities, corporate, real estate and employment law counsel to broker-dealers, investment advisers, investment companies ...
Add a comment
- New SEC Climate Change and ESG Task Force to Enhance Investor Protection by Red Flagging Examples of Corporate Greenwashing
- What Investment Advisers Must do to Qualify for the DOL’s Prohibited Transaction Exemption for IRA Rollovers
- SEC Division of Examinations Cites Enhanced Focus on Business Continuity Processes, Protection of Retail Investors and ESG-Related Risks Among its 2021 Priorities
- FINRA Report Suggests Growing Need for Enhanced Risk Management in Cybersecurity and Outside Business Activities
- Deadline Approaching: Considerations for Your Form ADV
- Leveraging JLG's Latest Service: Real Estate
- Safeguarding Your Firm Against Fraudulent or Improper Recognition of Revenue
- New Advisers Act Advertising Rule to Undergo Further Review
- Investors, Advisers Must be Mindful to Comply with New U.S. Ban on Estimated $1 Trillion of Chinese Securities
- Your First Meeting on the SEC’s New Investment Adviser Marketing Rule Should Address These Topics
- Securities and Exchange Commission (SEC)
- Investment Advisers
- Regulatory Examinations
- Policies and Procedures
- Social Media Marketing
- Due Diligence
- Transition Services
- California Consumer Privacy Act (CCPA)
- Aging Clients
- Advisers Act
- Virtual Currency
- Dodd-Frank Act
- Ponzi Scheme
- Office of Compliance Inspections and Examinations (OCIE)
- Broker Protocol
- Securities Law
- Form U5
- Private Equity
- Private Funds
- Hedge Funds
- Regulation Best Interest
- Personally Identifiable Information (PII)
- Government Shutdown
- Risk Alert
- Exchange-Traded Funds (ETFs)
- Investment Company Act
- Rule 6c
- Wells Fargo