In January 2020, law firms and their clients doing business with Californians will need to ensure they are complying with the state’s new consumer privacy protection law. While enforcement does not begin until mid-year, firms should determine whether they or their clients are regulated under the new law, identify any necessary compliance measures they are lacking and begin their implementation now.
Last week, we looked at the businesses covered by the CCPA. Now, let’s look at what they need to do to prepare for compliance.
CCPA Requirements
The California Attorney General is actively formulating regulations to enact the CCPA. These rules will help guide businesses in applying the law to their activities. You can find the proposed regulations here.
The rules require that businesses planning to sell consumer information provide a notice of such at the time they collect that information from their customers. Businesses can satisfy this requirement by posting notices on their web sites and mobile apps:
- A “Do Not Sell My Personal Information†or “Do Not Sell My Info†link leading to a webpage containing a notice of consumers’ right to opt-out and
- A Privacy Policy link leading to the business’ annually updated online privacy policy that includes:
- Consumers’ rights under the CCPA, including their right to opt out of the sale of personal information and a separate link to the “Do Not Sell My Personal Information” page,
- The methods for submitting consumer requests, and
- A list of the categories of personal information that the business has collected about consumers, sold about consumers and disclosed about consumers for a business purpose in the preceding 12 months.
What Do I Need to Do?
Business owners should consult with their legal teams to determine their status under the CCPA.
In the meantime, be sure to review the California Attorney General’s site for more information on the law’s implementation. You can also sign up to receive email updates on the law.
