The California Attorney General’s Office released its long-awaited proposed CCPA Regulations this afternoon. The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should:
- provide just in time notice to consumers of personal information collected;
- provide notice to consumers of the right to opt out of the sale of personal information;
- provide notice to consumers of financial incentives;
- provide a CCPA compliant privacy policy;
- provide methods for consumers to submit requests to know and requests to delete their personal information;
- respond to consumer requests to know and requests to delete their personal information
- respond to consumer requests to access or delete household information;
- respond to requests to opt-out;
- respond to requests to opt-in after consumers exercise their right to opt out of the sale of personal information; and
- verify consumer requests.
The AG’s office also released a 97 page Initial Statement of Reasons (including appendices).
Ballard’s Privacy & Data Security lawyers are carefully reviewing the proposed Regulations. We will post our thoughts on the effect of the proposed Regulations, what they mean from a compliance standpoint, what issues the proposed Regulations fail to address, and what’s next for the CCPA in the coming days.