October 26, 2020

Volume X, Number 300


October 23, 2020

Subscribe to Latest Legal News and Analysis

CCPA Enforcement Still Imminent; Temporary Exemptions May Lapse

Despite the request for a delay in the enforcement of the California Consumer Privacy Act of 2018 (CCPA) made by five leading advertising and marketing trade associations, it appears CCPA enforcement will continue as planned.  As evidence of this, the California Attorney General recently issued a press release reminding Californians of their rights and businesses’ obligations under the CCPA.  In addition, the expected extension of existing but temporary CCPA partial exemptions for certain employee and B2B personal information until the end of 2020 may not materialize, given the extended recess of the California legislature and its intention to prioritize only relief-related bills.  Absent legislative action, employee and B2B data will become fully subject to the CCPA on January 1, 2021.

The California AG Press Release

On April 10, 2020, California Attorney General Xavier Becerra issued a press release reminding consumers of the importance of their privacy rights amidst a public health emergency.   The Attorney General highlighted that privacy rights are more important than ever when stay-at-home orders are forcing consumers to use “mobile phones and computers as a lifeline,” creating a “dependency on online connectivity.”  It also reminds consumers of their rights under CCPA that can be used “both during the emergency and afterwards,” expressly referencing that:

  • Websites that collect and sell personal information should have a “Do Not Sell My Information” link, which California consumers can click on to opt-out of the sale of personal information;

  • California consumers “can minimize or reduce” the data collected by businesses during or after the emergency by requesting that their data be deleted; and

  • Twice during any 12-month period, California consumers can request access to the personal information about them that a business collects, uses, shares, or sells.

The release includes an extensive section on protecting virtual meetings.  It stresses the importance of enabling the privacy and security settings of virtual meeting and conference software to avoid interruptions. The advice includes specific references to keeping meeting IDs private, protecting meeting IDs with passwords, turning off settings that may default to save chats, and using platform settings to enable additional protections (e.g., allowing only the host to share their screen, using waiting rooms, etc.).

The press release also includes security tips on:

  • Avoiding email scams: According to the California Attorney General, phishing emails are the most common coronavirus-related scam. The release provides tips on how to identify phishing emails and advises consumers against clicking on links or downloading files included in them.

  • Protecting home networks: The release advises consumers to keep all internet-connected devices up to date; ensure consumers have the latest versions of operating systems, browsers, and security software; and secure wireless routers by changing the name of the router and preset passphrase.

  • Protecting children online: The release provides links to online resources published by the California Attorney General (here) and the Federal Trade Commission (here) to help parents set boundaries and keep their children safe online.

New priorities in Sacramento

Also on April 10, California State Senate President Pro Tem Toni Atkins (D–San Diego) issued a letter that instructed state senators to reconsider their priorities and reduce the number of bills that will be taken up when the Senate returns to session. Both the Senate and Assembly are currently in a recess that has been extended to May 4 due to COVID-19 concerns. With a short legislative session potentially subject to new interruptions due to the pandemic and a re-alignment of priorities, it is unclear whether we will see any amendments to CCPA enacted this year. This could mean no extensions for the existing but temporary partial exemptions for employee-related personal information and business to business contact information, which are currently set to expire at the end of 2020.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume X, Number 108



About this Author

Glenn Brown Data Privacy & Cybersecurity Attorney Squire Patton Boggs Atlanta., GA
Of Counsel

A senior member of our Data Privacy & Cybersecurity Practice Group, Glenn Brown provides business-oriented advice to clients in numerous industries on data privacy and regulatory compliance matters, including regulatory investigations and examinations. He has experience driving privacy and compliance priorities within organizations and providing strategic counsel regarding privacy, compliance and risk to support the growth and success of the business.

Glenn also has deep experience advising clients regarding compliance with many of the US...

Lydia de la Torre Data Privacy & Cybersecurity Attorney Squire Patton Boggs Palo Alto, CA
Of Counsel

Lydia de la Torre provides strategic privacy compliance advice related to US and EU privacy, including data protection and cybersecurity law, General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), other state’s privacy and cyber laws, US financial privacy laws, and marketing and advertising compliance, as well as information security. She also represents clients in investigations with an eye toward helping them avoid litigation.

Lydia’s work in-house and with organizations has run the gamut, from pre-IPO start-ups to mature Fortune 500 companies, in a multitude of industries, including e-commerce, fintech and computer hardware. This experience has provided her with a direct understanding of client concerns.

Before joining the firm, Lydia served as co-director of the Santa Clara Law School Data Privacy Certificate Program, where she continues to teach privacy law.

Lydia is a frequently invited speaker on privacy-related topics, such as the freedom of speech implications of privacy laws, ethics and privacy, the application of privacy laws to blockchain technology, financial privacy laws and the CCPA. She is also a prolific writer and has been published in a variety of outlets, from mainstream media to privacy and legal publications. She is the editor of Golden Data, a Medium publication focused on data laws.

Lydia is a member of the California Lawyers Association’s Antitrust and Privacy Section and an adjunct professor at Santa Clara Law School.

Elliot Golding Privacy and Cybersecurity Attorney Squire Patton Boggs

Elliot Golding (CIPP/US) is a member of our Data Privacy & Cybersecurity Practice and Healthcare Industry Group leadership team, where he provides business-oriented privacy and cybersecurity advice to a wide range of clients, with a particular focus on companies handling healthcare and other personal data. He has been selected as an honoree in Global Data Review’s inaugural 40 Under 40 list, representing the best of the data law bar around the world.

Elliot partners with clients to proactively manage risk by developing and implementing information governance programs,...