June 19, 2021

Volume XI, Number 170

Advertisement

June 18, 2021

Subscribe to Latest Legal News and Analysis

June 17, 2021

Subscribe to Latest Legal News and Analysis

June 16, 2021

Subscribe to Latest Legal News and Analysis

CCPA’s Metrics Reporting Deadline Approaching

July 1, 2021 marks the deadline for certain businesses to comply with the metrics reporting obligations under the California Consumer Privacy Act of 2018 (“CCPA”) regulations. Section 999.317(g) of the regulations applies to any business that is subject to the CCPA and that knows or reasonably should know that it, alone or in combination, buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes the personal information of 10,000,000 or more California residents in a calendar year.

Businesses subject to the metrics reporting requirement must disclose by July 1 of every calendar year the following metrics for the previous calendar year:

  • The number of requests to know that the business received, complied with in whole or in part, and denied;

  • The number of requests to delete that the business received, complied with in whole or in part, and denied;

  • The number of requests to opt-out that the business received, complied with in whole or in part, and denied; and

  • The median or mean number of days within which the business substantively responded to requests to know, requests to delete, and requests to opt-out.

The metrics must be disclosed in the business’s privacy policy or posted on the business’s website and accessible via a link in the business’s privacy policy. Businesses may choose to compile the metrics based on requests received from all individuals or requests received solely from consumers (i.e., California residents). In the event the business discloses metrics based on requests received from all individuals, the California Attorney General may request that the business provide to it the metrics based on requests from consumers.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 161
Advertisement
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement