Keypoint: The California Attorney General’s office once again published proposed modifications to its CCPA regulations. The modifications primarily focus on making changes to the provisions dealing with the right to opt out and authorized agent requests.

On October 12, 2020, the California Department of Justice published a third set of proposed modifications to its California Consumer Privacy Act (CCPA) regulations. The deadline to submit written comments is October 28, 2020.

The proposed modifications were published less than two months after the CCPA regulations went into effect on August 14, 2020. In general, the proposed changes focus on the provisions concerning the notice of the right to opt-out, requests to opt-out, and the use of authorized agents for making requests.

The proposed modifications are as follows:

Keypoint: Some additional changes to the CCPA regulations were made before they were filed with the Secretary of State and became effective.

As discussed in our prior post, on Friday, August 14, 2020, the California Office of Administrative Law (OAL) approved the California Office of the Attorney General’s (OAG) final CCPA regulations and filed them with the California Secretary of State (SOS). The regulations were immediately effective.

Notably, the final text of the regulations submitted to the SOS was modified from the one filed with the OAL. The OAG published an Addendum to the Final Statement of Reasons setting forth the changes. Many of the changes are stylistic and grammatical. However, some of the changes are substantive and will impact compliance efforts. The most notable changes are discussed below:

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: The modified proposed regulations make substantial changes to the proposed regulations, including modifying how consumer notices must be drafted and changing some of the requirements for receiving and responding to consumer requests.

On Friday, February 7, 2020, the California Attorney General’s office published a notice of modifications to the text of the proposed regulations regarding the California Consumer Privacy Act (CCPA). The AG’s office also published redline and clean versions of the modified regulations.

The changes modify the proposed regulations published by the Attorney General’s office on October 11, 2019. The changes are the result of four public hearings held in December 2019 and the submission of over 1,700 pages of written comments. The Attorney General’s notice states that the department will accept written comments on the proposed changes until 5:00 p.m. on February 24, 2020.

Based on guidance previously published by the Attorney General’s office, this abbreviated comment period reflects the Attorney General’s determination that the changes are “substantial and sufficiently related,” but not “major,” which would require a new 45-day comment period. Following review of written comments, the Attorney General’s office will publish an updated informative digest and final statement of reasons (with summary and response comments) in addition to the final text of the regulations.

Members of Husch Blackwell’s privacy and data security practice group will host a webinar on Wednesday, February 12 at noon CST to review and discuss the modified regulations. To register, click here.

Below is our analysis of the modified regulations.

Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.

Keypoint: Those hoping that the final CCPA regulations will clarify its requirements may be disappointed. 

According to an article in Bloomberg Law, California Attorney General Becerra does not anticipate his office making substantial changes to the regulations as proposed when it issues the final regulations.

The AG’s office published the proposed regulations on October

Saturday, November 2, will mark 60 days until the California Consumer Privacy Act (CCPA) goes into effect. While each organization will have its unique compliance challenges, as discussed below, there are a discrete set of tasks – at a minimum – that each organization needs to undertake in the next 60 days as the first steps toward compliance.

In addition, on November 13, members of Husch Blackwell’s privacy and cybersecurity practice group will present a webinar to discuss these tasks in greater detail.  For more information or to register, click here.

Keypoint: As of January 1, 2020, manufacturers of IoT devices will need to comply with new laws in California and Oregon.

It may be hard to believe but the California Consumer Privacy Act is not the only new law that will go into effect on January 1, 2020. Rather, new laws in California and Oregon that regulate IoT devices also will go into effect on that date. Below is an overview of those laws.