Since the California Consumer Privacy Act requires that businesses inform consumers about their new rights, privacy policies will be undergoing another round of updates. However, there is no indication yet that another round of email notifications will occur similar to what happened because of GDPR. The text does not require it, so we will have to wait and see whether it ultimately becomes a best practice to ensure that sufficient disclosure has happened.
Here is what will need to be updated pursuant to the CaCPA requirements:
Businesses are going to need to disclose the consumer’s rights to access, delete, opt out (for adults) and opt in (for kids) under the law. They must also disclose that businesses may not discriminate against consumers unless one of the exceptions in the law is met.
The designated methods for exercising these rights must also be added to business privacy policies. Two or more methods are required for the exercise of the right to access the personal information collected and sold.
A business that sells consumers’ personal information is required by Section 1798.120(b) to provide notice to consumers that personal information may be sold and that they have the right to opt out. Section 1789.135 specifies the form of such a notice.
Section 1798.185(a)(6) authorizes the CA Attorney General to establish rules and procedures to ensure that the notices and information provided by businesses are easily understood by the average consumer, accessible to consumers with disabilities, and available in the language primarily used to interact with the consumer. It is too early to say whether they will publish a GLB Act-like template that is universally adopted will be recommended.
Businesses will be required to update their notifications at least once every 12 months. Even if it was not specifically required by law, businesses would likely have to do this anyway because it is going to be important to keep up to date the categories of personal information collected and sold.
Businesses need disclosures for:
– California consumers of their rights under the law,
– the categories of personal information collected,
– the business purposes of the personal information collected,
– the categories of personal information sold,
– the methods to exercise their rights,
– the link titled “Do Not Sell My Personal Information” to the form to exercise the right to opt out.
Contact Clarip for Help with Your Privacy Program
The Clarip data privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping software, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie consent manager, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
Other Blog Posts on the California Consumer Privacy Act:
PWC Survey on CCPA: Enterprise Compliance Expected at 52% by January 1, 2020
California Adopts SB-1121 Amendments to Consumer Privacy Act
SB 1121 to Amend California Consumer Privacy Act Soon
California AG Objects to 5 Sections of CCPA Privacy Law
SB 1121 Won’t Make Substantive Changes to New California Privacy Law
SB 1121 Amendments Kickoff Debate Over California Consumer Privacy Act Changes
Expect AG to Issue California Privacy Regulations in June 2019
Will California’s Privacy Law Extend to the Rest of the Country?
Big Day for California Privacy Law
California to Pass New Privacy Law: CA Consumer Privacy Act