California’s Attorney General released draft versions of the regulations to the California Consumer Privacy Act (“CCPA”) in early October. The proposed regulations provide additional detail concerning requirements in areas of the CCPA like consumer verification requests, notice provisions, privacy policies, and the “non-discrimination” provision. However, the new regulations have left some businesses and professionals more confused in other areas like opt-out requests.
Notably, the CCPA regulations provide additional direction in consumer data requests, including how long businesses have to respond and the nature of the response as well as how they should internally treat the request. The proposed regulations also dictate more specific standards around verifying a consumer’s identity following a request; and how sensitive information may be used to do so.
Additionally, the proposed regulations offer more specific standards and guidance for calculating the value of personal information provided to businesses. This will be useful to businesses that intend to charge consumers different prices based on access to their information or through product offerings that could implicate consumer information rights under the CCPA.
While the current regulations are just proposals, and may look different by the time they go into effect, what has been disclosed so far indicates that those waiting on California’s regulators to clarify the most confusing aspects of the CCPA may continue to be disappointed.
If you have any questions regarding California’s new Consumer Privacy Act or other privacy or data security matters, contact Rudy E. Verner at BHGR Law at 303-402-1600.
This article is intended to provide general information and, therefore, should not be treated as legal advice. If you have questions about a specific legal issue, you should seek the advice of a qualified attorney.