The California Attorney General’s Office released its long-awaited proposed CCPA regulations last week. The proposed regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should:
- provide just in time notice to consumers of personal information collected;
- provide notice to consumers of the right to opt out of the sale of personal information;
- provide notice to consumers of financial incentives;
- provide methods for consumers to submit requests to know and requests to delete their personal information;
- respond to consumer requests to know and requests to delete their personal information
- respond to consumer requests to access or delete household information;
- respond to requests to opt-out;
- respond to requests to opt-in after consumers exercise their right to opt out of the sale of personal information; and
- verify consumer requests.
The AG’s office also released a 47-page Initial Statement of Reasons.
Ballard’s Privacy & Data Security lawyers are carefully reviewing the proposed regulations and will be providing thoughts in the coming days on the effect of the proposed regulations, what they mean from a compliance standpoint, what issues the proposed regulations fail to address, and what’s next for the CCPA.