There were a slew of sessions on the California Consumer Privacy Act (CCPA) at the Privacy+Security Forum in Washington, D.C. this week. I need to find time to read up more on the law and the regulations that have been introduced as CCPA is shaking things up big time. As one example, one law firm has identified almost two dozen significant impacts they see in the draft regulations. Daniel Felz of Alston & Bird writes that their advisory covers a number of topics, including
- Why posting a CCPA privacy policy on your website may not be enough to satisfy your CCPA notice obligations – instead you may need additional “just in time” notices at every specific point where you collect data (or lose the right to collect it);
- Why you may hear discussions about a potential return of Do Not Track in the online context, this time as a “Do Not Sell My Info” request;
- Why brick-and-mortar interactions with consumers may require companies to faciliatate “offline” CCPA rights requests; and
- Why companies that take a position as vendor or service provider may need to examine any aspect of their business that involves pooling customer data for regulatory risk.
Read their full advisory here.
Taking a somewhat lighter approach, Odia Kagan of Fox Rothschild provides us with the Ten Commandments of CCPA Compliance:
- Thou shalt make for yourself a person overseeing privacy compliance in thine corporation.
- Thou shalt map thy data so thou knowest what it is, wherefrom it cometh and where it is shared.
- Thou shalt keep thy service providers close and thy third parties closer and revise thine own agreements with them.
Read all the commandments on Privacy Compliance & Data Security.