July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

July 02, 2020

Subscribe to Latest Legal News and Analysis

As CCPA Pressure Heats Up, Here’s What Should Be on Your Summer To-Do List

The world has markedly changed since the California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Under shelter-in-place orders and even amid gradual reopenings, many states have required businesses to slow or stop production as the country and world adjust to a new normal in light of COVID-19.

But the California Attorney General’s (AG) Office remains determined to begin CCPA enforcement on July 1, even though the draft regulations may not yet be final.

With July 1 just around the corner and companies dealing with a new slate of COVID-19-related privacy issues, now is an ideal time to focus or refocus on CCPA compliance.

Your CCPA Summer To-Do List

  • Consider COVID-19: Your company may be collecting new data from employees and customers in response to COVID-19, but did you know that collecting health or other personal information may impact your CCPA obligations?

  • Inventory Collection and Add Just in Time Notices: Do you know all the places personal information is collected (e.g., apps, surveys, sweepstakes, chat bots, et cetera)? Do you have a notice at each collection point?

  • Analyze the Impact to Other Parts of the Business: CCPA obligations don’t begin and end with your website. Consider how your company’s compliance with the CCPA affects other aspects of the organization, like document retention policies and procurement.

  • Do a Tabletop Exercise

    • Access to Specific Pieces of Information: What would a report from your company look like? Are you comfortable with that report appearing in the press? Do you even need all of that data? Now would be a great time to inventory and determine whether some data hygiene is in order.

    • Authenticating Consumers: Test the user experience. How is it working? Does your authentication process align with the regulatory framework set by the CCPA?

Looking Ahead

Remember, the current CCPA regulations still aren’t final. Even companies that believe they are currently fully compliant will have to review the final version to be sure.

In addition, it appears that the California Privacy Rights Act (CPRA) ballot initiative will likely make it to the ballot this November, meaning further changes to California’s privacy laws are possible. If the CPRA provisions were enacted, they would go into effect on January 1, 2023, with enforcement beginning July 1, 2023. With some working aggressively to institute new data privacy obligations, covered businesses would do well to keep their eye on elections and their compliance programs and strategies, flexible.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved.National Law Review, Volume X, Number 153


About this Author

Amie Peele Carter Privacy and Intellectual Property Attorney Faegre Drinker Law Firm Indianapolis

Amie Peele Carter is a privacy and intellectual property lawyer. She is passionate about helping clients create, protect and leverage value, specifically where the worlds of privacy, eCommerce and advertising law intersect. Amie's client base includes Fortune 100 and 500 companies, mid-sized and small companies, entrepreneurs, sports organizations and athletes, marketing agencies, TV personalities, and publishers.

Amie has served as the Attorney of Record in writing two amicus briefs submitted to the United States Supreme Court.

317 237 1180
Katherine Armstrong, Drinker Biddle Law Firm, Washington DC, Data Privacy Attorney

Katherine E. Armstrong is counsel in the firm’s Government & Regulatory Affairs Practice Group where she focuses her practice on data privacy issues, including law enforcement investigations, and research and analysis of big data information practices including data broker issues.

Katherine has more than 30 years of consumer protection experience at the Federal Trade Commission (FTC), where she served in a variety of roles, including most recently as a Senior Attorney in the Division of Privacy and Identity Protection.  In the Division of Privacy and Identity Protection, Katherine lead Fair Credit Reporting Act (FCRA) initiatives, including law enforcement investigations, consent negotiations, rulemakings, and other interpretive policy initiatives.  During Katherine’s tenure at the Commission, she served as an Attorney Advisor to Chairman Janet Steiger and Commissioner Sheila Anthony and was responsible for counseling on matters of consumer protection policy and enforcement.