The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Additional CCPA Regulations Proposed by California AG

by Chris Brook on Tuesday December 15, 2020

Contact Us
Free Demo
Chat

The potential updates to the data privacy law build off of others proposed in October.

California's Attorney General again is proposing some changes to how the California Consumer Privacy Act is regulated.

In a document published last week, California's AG Xavier Becerra - President-elect Joe Biden's nominee for secretary of health and human services – outlined some proposed additional modifications to certain provisions of the approved CCPA regulations.

While the CCPA - the United States' premier state privacy law - went into effect earlier this year, California's Office of Administrative Law (OAL) didn't approve the regulations regarding the law via the Department of Justice until August 14, 2020.

The recommended changes build off of updates proposed back in October regarding consumer opt out requests. Those interested in submitting a comment for the proposed regulations have until 5 p.m. on December 28.

The first proposed modification involves how data is collected from consumers offline. In October the AG proposed that "a business that collects personal information in the course of interacting with consumers offline shall also provide notice by an offline method that facilitates consumers’ awareness of their right to opt-out."

Now the AG is proposing businesses inform consumers of their right to opt out, either via a sign in an area where personal information may be collected or orally, if on a call. From there, consumers can view the notice online instead of having it read to them or having to read it in person somewhere.

The second proposed modification is a new one but should sound familiar to anyone who tracked CCPA regulations in the early goings. It involves the use of a website button that by clicking will allow individuals to request to opt out of the sale of their personal information.

“The following opt-out button may be used in addition to posting the notice of right to opt-out, but not in lieu of any requirement to post the notice of right to opt-out or a 'Do Not Sell My Personal Information' link," the modified regulation reads.

Previous draft regulations included an opt-out button that would have informed companies individuals weren't interested in having their personal information sold. The opt out button was ultimately scrapped in March amid a round of CCPA amendments. At the time, critics of the button suggested it would cause more confusion than clarity; we’ll see if it sticks around this time.

Of course, whatever regulations wind up moving on, they'll be temporary. The state's latest data privacy bill, the California Privacy Rights Act, is set to replace the CCPA in two years.

Tags: Compliance

Recommended Resources


  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.