Data Privacy Update: First CCPA warning notices distributed, California Assembly Bill 1281 and CPRA

California continues to lead the pack in terms of states implementing and enforcing consumer data privacy rights. Shortly after CCPA enforcement started, the California Attorney General (AG) issued a series of warning notices to various businesses. The content of those letters is confidential, but during a recent conference the Supervising Deputy AG shared some information about the letters. In general, the businesses that were targeted were not compliant with key provisions of the California Consumer Privacy Act (CCPA). Infractions include missing privacy disclosures on their website, such privacy policies and “Do Not Sell” links. Also included were notices to businesses that weren’t properly responding to consumer requests such as the right of access or deletion. Business have 30 days from the point of receiving the warning to resolve the alleged violation. W. Capra expects to see the first news of fines levied before the end of 2020.

More recently, Assembly Bill 1281 based the California assembly and was sent to Governor Newsom to sign. The purpose of this bill was to provide some relief for business that must comply with the CCPA in terms of employment and business-to-business data. Exemptions for these types of personal data have been extended through at least January 1, 2022. As expected, Governor Newsom signed the bill at the end of September, 2020. W. Capra clients are taking this as an opportunity to continue to focus and improve their processing of consumer data through enhancing their processes or reducing costs through automation.

W. Capra is continuing to monitor data privacy legislation across all states, and expects bills similar to the CCPA to be passed by many other states in 2021. California continues to be the leader of the pact, and even has another bill up for vote this November called the California Privacy Rights Act (CPRA) which would further expand the scope of the CCPA. The proposed legislation would create a new data type called “Sensitive Personal Information” (SPI) as well as afford consumers additional rights such as the right to correct inaccurate personal information, the right to limit the use of SPI, and the right to access data beyond the current 12-month lookback period. This law would potentially take effect January, 2023, with exception of the formation and funding of the California Data Privacy Protection Agency which would go into effect immediately. Organizations continue to face challenges with the shifting landscape of data privacy regulation.

Interested in learning more about how data privacy impacts your business? Contact Danny Omiliak (domiliak@wcapra.com) to learn more about the operational impacts of data privacy laws and how W. Capra can help with compliance to laws such as CCPA or GDPR.