Despite the business disruptions brought on by the novel coronavirus, enforcement of the California Consumer Privacy Act (CCPA) is still set to begin on July 1. With that key date just around the corner and companies facing a new slate of COVID-19-related privacy issues, we cover the high-level action items California businesses should address to help get their compliance programs up to speed.
For the full alert, visit the Faegre Drinker website.
California’s Attorney General recently released revised draft regulations for the California Consumer Privacy Act (CCPA). Comments on the revisions are currently being accepted through February 25, 2020.
Read the update to see the changes, with key additions and deletions highlighted.
After a long wait, the California Attorney General’s (AG) office held a news conference on October 10, 2019, and published proposed regulations implementing the California Consumer Privacy Act (CCPA). Companies gearing up for CCPA’s January 1, 2020, effective date should quickly review and assess the proposed regulations’ potential effects on their operations and consider attending upcoming public hearings or submitting public comments by December 6, 2019.
Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.
The critical role of data mapping in CCPA readiness and compliance
Although the California Consumer Privacy Act (CCPA) does not explicitly require that businesses engage in data mapping or relationship mapping, they probably won’t be able to develop effective CCPA compliance strategies without having both. Businesses that have engaged in data mapping in preparation for GDPR compliance will be able to leverage some of that work.
When people talk about data privacy, or data collection, or tracking technology, or analytics, or click farms, or bots, or data brokers, or geolocation, or mobile apps, or social media, or influencers, in the end what they’re really talking about is digital advertising. Yet while we may feel comfortable using the phrase to broadly describe any online marketing efforts, the purpose of digital advertising is quite different from the goal of a 30-second radio spot, and shares little with its Mad Men-era ancestors beyond the name.
But today, faced with a variety of new laws and regulations designed to protect consumer privacy, lawyers and their clients are obliged to take a much deeper and more nuanced dive into modern methods of digital advertising. And many are surprised at what they find.