California Consumer Privacy Act

Subscribe to California Consumer Privacy Act
shutterstock_661622035

Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”

The California Attorney General replied: Maybe, depending on the context.

  • A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
  • If a session cookie cannot be used to recognize a consumer, family

CCPA Regulations

Commenters to the final California Consumer Privacy Act (CCPA) regulations asked if it is possible to provide information about, and access to the “Do not Sell” link and/or opt out opportunity in the privacy notice?

The California Attorney General’s answer: No.

  • The notice of right to opt out is a separate obligation from the CCPA’s

Act or CCPA symbol

Commenters on the final California Consumer Privacy Act (CCPA) regulations asked if a company gives you a product without charge but in consideration for your information,  could that still be deemed a financial incentive requiring the company to calculate and disclose the value of the consumer’s data?

The California Attorney General’s answer: Yes.

  • If you

shutterstock_1048545287

Compliance takeaways from the International Association of Privacy Professionals (IAPP) California Consumer Privacy Act (CCPA) Enforcement Keynote Session:

  • It is important for businesses to understand the law. It is complex and has many nuances.
  • Your customers are looking, your competitors, your employees are looking, and the CA AG is looking at the private class actions

CCPA Regulations

Comments to the final California Consumer Privacy Act regulations asked if the  CCPA carve-out regarding the Gramm Leach Bliley Act (GLBA), the data protection law governing US financial institutions, applies to:

  1. Financial institutions under GLBA
  2. Service providers that must comply with GLBA
  3. Sources of information that are subject to GLBA
The California Attorney General’s Answer:

Act or CCPA symbol

Comments on the final California Consumer Privacy Act (CCPA) regulations asked if data brokers should be required to identify the factors they use in algorithmic decision making practices that affect the consumer, such as consumer scores?

The California Attorney General responded:
  • Inferences derived from personal information to create a profile about a consumer are personal

CCPA Regulations

Comments to the California Consumer Privacy Act (CCPA) final regulations asked: “If you get an access request and you know that the underlying motive for it is to conduct discovery for the purpose of contemplated litigation, do you have to comply with the access request?”

The California Attorney General’s Response: Yes. There is no exception

Act or CCPA symbol

Under the California Consumer Privacy Act (CCPA), a data breach resulting from a lack of “reasonable security procedures and practices” gives rise to a private right of action (e.g. for a class action lawsuit).

Comments to the final CCPA Regulations asked the California Attorney General for more explicit guidance as to what constitutes such measures.