The California Attorney General Xavier Becerra has released the draft proposed regulations on how the state will enforce the California Consumer Protection Act (CCPA) that comes into force on January 1, 2020.
A period for written public comment will close on December 6, 2019. A second public comment period will follow for any subsequent revisions, meaning the final regulations may not be published until close to the July 1, 2020, deadline set by the legislature. However, Becerra made it clear that 'the law is the law', and covered firms need to be compliant from January.
Becerra's regulations are important. CCPA was drafted after Europe's General Data Protection Regulation and following the Facebook/Cambridge Analytica debacle -- and possibly with too much haste. The AG's regulations will provide guidance on the more challenging issues and ambiguities within the legislation, and potentially provide a checklist on how covered firms should treat compliance.
The guidance is in the form of a 24-page document comprising seven Articles. The first is general scope and definitions. The last is a standard severability statement. The meat is found in the intervening five Articles (the following is far from a complete summary of the content).
Article 2 provides a detailed discussion on the data collection notice that must be provided to consumers. This must be presented at or before any data collection. It must be in plain and visible language. It must explain what is collected and why. If information is sold, the notice must include a link to the ability to instruct, 'do not sell my information'. 'Do not sell' and 'do not track' instructions must be obeyed.
Article 3 examines the requirements on handling consumer data requests. This must include at least two methods f ..
Support the originator by clicking the read the rest link below.
