In Taft’s Privacy and Data Security Insight, we have been writing regularly on the California Consumer Privacy Act and what to expect as it goes into effect in January. Like many new privacy laws, panic begins to set in about how to actually address the new approach towards consumer privacy (remember the great GDPR panic of May 25, 2018?) In our last blog, we told you about the final amendments to the CCPA and how the language of the law will finally read. The next step to the implementation of the United States’ most comprehensive state privacy law is the issuance of the Attorney General’s Proposed Regulations, a Notice of Proposed Rulemaking Action, and an Initial Statement of Reasons. These draft documents attempt to answer the question burning in the minds of lawyers and businesses around the country: HOW am I supposed to actually do this? With these draft documents finally out (awaiting public comments until December), we have what we are to understand as the AG’s guidance to businesses on how to comply with the provisions of the CCPA, including, but not limited to:
- How to properly notify consumers;
- How to handle consumer requests;
- How to verify the identity of consumers;
- Collecting personal information of minors; and
- How the value of consumer data is calculated.
The California Consumer Privacy Act (“CCPA”) will go into effect on January 1, 2020.