California Attorney General issues update on CCPA enforcement
Enforcement of the California Consumer Privacy Act (CCPA) has been in place for just over a year and, in announcing this step, Attorney General Rob Bonta said there has been “great progress” in the process. share of companies required to comply.
According to a press release from the attorney general’s office, after receiving a notice of alleged violation, 75% of companies took action to bring themselves into compliance within the statutory 30-day deadline. The remaining 25% of companies that have received a notice of suspected violation are either within the 30-day processing period or are under active investigation, according to the press release.
“The Attorney General has focused on consumer complaints in fiscal year 2020-2021, and that focus appears to have been on large corporations and egregious violations,” said June Coleman, member of ACA International, legal counsel at Messer Strickler Ltd. “With the voter approval of the Consumer Privacy Rights Act (CPRA) initiative in November 2020, this effort will be transferred to a separate body to enforce the [law]- California Privacy Agency. Once the [agency] is operational, you can expect to see more law enforcement efforts.
Coleman added that the California Privacy Protection Agency (CPPA) has $ 10 million in funding, which is two and a half times the amount the Attorney General can spend on law enforcement and 20 times the funding for law enforcement. application allocated to the California Office of Privacy Protection when it closed in 2012.
“Additionally, the new CPPA has a dedicated auditor position, so we can expect there to be more audits,” Coleman said. “This will further inspire our industry to ensure that we are in compliance with the [privacy law.]”
As a reminder, the main CCAC requirements include:
- Businesses must disclose data collection and sharing practices to consumers;
- Consumers have the right to request that their data be deleted, although there are exceptions that should apply to the collection industry;
- Consumers have the right to ask what information is collected; and
- Businesses are required to provide a privacy notice before collecting information from a consumer.
The California Department of Justice sees a wide range of consumer claims reported by businesses, as required by law.
Among businesses of similar size and scope, some reported millions of requests while others numbered hundreds. Bonta has also launched a new online tool that allows consumers to directly notify businesses of potential violations, according to the attorney general.
“Enforcing the CCPA marks a huge step forward for privacy in California, particularly at this time after the COVID-19 pandemic has shifted much of our lives online. We are happy to report that we are seeing great progress in implementing the CCPA, but there is still work to be done, ”Bonta said in the press release.
The application of the CCPA, which came into effect on July 1, 2020, includes notifying companies with a suspected violation to remedy it within 30 days before enforcement action can be initiated.
The attorney general has issued recourse notices to entities including data brokers, marketing companies, companies handling children’s information, media and online retailers.
The tool, available here, asks guided questions to explain the basics of CCPA to consumers before generating a notification that the user can then email to the business. This email may trigger the 30-day period given to the company to remedy its violation of the law, which is a prerequisite for initiating legal action by the Attorney General. The tool does not constitute legal advice.
For more information on CCPA, visit www.oag.ca.gov/ccpa.
Related content from ACA International
California releases more changes to CCPA data protection law
California Consumer Privacy Law Mapping
CCPA Clarity in California