Late last week, the California Attorney General published much-anticipated proposed Regulations under the California Consumer Privacy Act (“CCPA”). The Regulations are extensive and contain a number of potentially material business impacts.
To help companies work through the Regulations, Alston & Bird’s Privacy & Data Security team published a client advisory outlining “21 Potentially Significant Business Impacts” from the proposed CCPA Regulations. View the full advisory here.
This advisory tackles a number of issues likely of interest to companies attempting to get ready for CCPA, including:
- Why posting a CCPA privacy policy on your website may not be enough to satisfy your CCPA notice obligations – instead you may need additional “just in time” notices at every specific point where you collect data (or lose the right to collect it);
- Why you may hear discussions about a potential return of Do Not Track in the online context, this time as a “Do Not Sell My Info” request;
- Why brick-and-mortar interactions with consumers may require companies to facilitate “offline” CCPA rights requests; and
- Why companies that take a position as vendor or service provider may need to examine any aspect of their business that involves pooling customer data for regulatory risk.
Alston & Bird is closely following the development of the CCPA and its Regulations. For more information, contact Jim Harvey, David Keating, Amy Mushahwar, Karen Sanzaro, or Daniel Felz.
