The California Consumer Privacy Act continues to evolve and is taking shape nicely with just five months to go until it becomes compulsory. The California State Senate recently voted on seven amendments to the Act, with most of them passing through without change.
So, let’s go through what the Senate voted to include in the legislature.
Assembly Bill 25
The amendment to this bill gives companies an extra year to track, respond and comply with employees who request the disclosure, copies or deletion of their personal information. A year may sound like a long time to give to a company in this case, but bear in mind that they will still have to disclose what information they store and the reasons for doing so. Experts have also suggested that employee privacy will be subject to stricter laws and regulations in the coming years, so keep an eye out for that.
Assembly Bill 846
This bill is commonly known as the loyalty program bill due to its original goal of excluding customer loyalty programs from the CCPA’s anti-discrimination provision due to the fact that many Californians are happy to be a part of these programs. That is, of course, so long as the loyalty programs in question are not coercive, deceitful or unreasonable in any way. The amendment to this bill states that organizations practicing loyalty programs will not be allowed to sell the data they collect through them.
Assembly Bill 874
The CCPA currently defines what publicly available information is, namely data “used for a purpose that is not compatible with the purpose for which the data is maintained and made available in the government records or for which it is publicly maintained.” Bill 874 changes that definition to include data made available through federal, state or local government records. It also excludes data that is “deidentified” or “aggregated.”
Assembly Bill 1146
This amendment is related to vehicle information. It states that, under the CCPA, data gathered or retained regarding warranty or recall information would be exempt. The reason for this amendment has to do with product recall in accordance with federal law.
Assembly Bill 1202
Originally, this bill required that data brokers must comply with opt-out requests. After the amendment, data brokers are no longer required to comply with opt-out requests where the sale of consumer data is concerned.
Assembly Bill 1355
In a follow-on from Assembly Bill 874, Bill 1255 exempts deidentified or aggregated data from being defined as personal information. This bill is essentially just a revision of drafting errors that are common with the implementation of complex compliance mandates.
Assembly Bill 1564
Finally, this part of the CCPA required consumers to be able to submit requests through either a toll-free number, email address or a physical address. The language was changed here slightly so that organizations that operate “online-only” businesses do not have to provide a toll-free number.
If you’re looking to ensure that your organization is compliant with the CCPA, come and take a look at how Lepide could help you. Our Data Security Platform, LepideAuditor, allows you to produce compliance-ready reports specifically tailored for CCPA. If you would like to see this in action, schedule a demo with one of our engineers.