March 2020 will long be remembered as the month and year of en masse shutdowns. But the pandemic has done little if anything to slow new cybersecurity and data privacy laws. As highlighted below, regulations for one have been submitted (CA), another has gone into effect (NY), and yet another has been proposed (CA).
California Consumer Privacy Act (“CCPA”) Gets Confirmed by State Attorney General
After nine months, a lot of public input, and three proposed drafts, the regulations for enforcement of the CCPA have been submitted for approval. The final text of the regulations demonstrates how granular enforcement could be. Here are five examples:
- A business must provide at least two methods for consumers to send requests for deletion of their information.
- A service provider can retain, use, or disclose information in certain circumstances, such as to detect security incidents even after a deletion request.
- A business must confirm within 10 days that it has received a request to know what it has collected from consumers.
- A business must have a documented policy for verifying the identity of a person making a request related to their personal information.