September 21, 2021

Volume XI, Number 264


September 20, 2021

Subscribe to Latest Legal News and Analysis

Governor Newsom Signs CCPA Amendments

On the heels of the California Attorney General’s release of the draft California Consumer Privacy Act (CCPA) Regulations, on Friday Gov. Newsom signed seven bills amending various provisions of the CCPA. The relevant amendments signed by the governor are described below. With less than three months before the CCPA becomes effective on January 1, 2020, businesses will now need to take into account these amendments as they continue their compliance efforts.

Employee / Job Candidate One-Year ExemptionAssembly Bill 25 amends the CCPA until January 1, 2021, to add Cal. Civ. Code § 1798.145(g), which requires a business to comply with only the notice requirements under Cal. Civ. Code § 1798.100(b) and private cause of action for data breaches under Cal. Civ. Code § 1798.150 for the following types of consumers: employees, job candidates, business owners, directors, officers, contractors and medical staff. These types of consumers are not entitled to any other rights under the CCPA.

Consumer Requests Disclosure MethodsAssembly Bill 1564 amends the CCPA to add a Cal. Civ. Code § 1798.130(a)(1)(B), which permits a business that operates exclusively online and has a direct relationship with the consumer to provide only an email address as the method for submitting consumer requests. All other businesses must have two designated methods (including at least a toll-free number).

Business-to-Business (B2B) One-Year ExemptionAssembly Bill 1355 amends the CCPA until January 1, 2021, to add Cal. Civ. Code § 1798.145(l), which exempts written or verbal communication or a transaction between the business and the consumer, where the consumer is an employee or owner of another company, and whose communications with the business occur solely within the context of the business providing or receiving a product or service to such company. B2B consumers are still entitled to (a) bring a private right of action under the law (§ 1798.150), and (b) to the opt-out of sale right (§ 1798.120), but the opt-out of sale notice provisions in Cal. Civ. Code § 1798.135 would not apply to businesses.

•Personal Information Definition.

Assembly Bill 1355 amends § 1798.140(o)(2) of the CCPA, to provide that “personal information,” as opposed to “publicly available,” “does not include consumer information that is deidentified or aggregate consumer information.”

Assembly Bill 874

•Amends the definition of “personal information,” Cal. Civ. Code § 1798.140(o)(1)), to include “reasonably” in two places to state: “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.”

•Adds Cal Civ. Code § 1798.140(o)(3), which provides that “personal information” does not include “consumer information that is deidentified or aggregate consumer information.”

•Clarifies that “publicly available” in the definition of “personal information” means “information that is lawfully made available from federal, state, or local government records. ‘Publicly available’ does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.” (Cal Civ. Code § 1798.140(o)(2)).

Notice Requirement. Assembly Bill 1355 amends Cal. Civ. Code § 1798.140(o)(2) to provide that a business’s privacy policy must disclose “the categories of personal information it has collected about consumers,” as opposed to “that consumer.”

Private Right of ActionAssembly Bill 1355 amends Cal. Civ. Code § 1798.150(a)(1) to clarify that class-action lawsuits may be brought only for data breaches pursuant to California’s data breach notification law when the personal information is “nonencrypted and nonredacted.”

Data Breach NotificationAssembly Bill 1130 amends Cal. Civ. Code § 1798.81.5 to require businesses to notify consumers when tax identification numbers, passport numbers, military identification numbers, or other unique identification numbers issued on a government document commonly used to verify the identity of a specific individual have been compromised in a data breach.

Vehicle Information. Assembly Bill 1146 amends the CCPA to add Cal Civ. Code § 1798.145(g)(1), providing that a consumer’s opt-out of sale right “shall not apply to vehicle information or ownership information retained or shared between a new motor vehicle dealer . . . and the vehicle’s manufacturer . . . if the vehicle or ownership information is shared for the purpose of effectuating, or in anticipation of effectuating, a vehicle repair covered by a vehicle warranty or a recall.”

Data Broker Registration. Assembly Bill 1202 requires data brokers to register with the attorney general, and requires the attorney general to create a publicly available registry of data brokers on its website, and grants the AG enforcement authority for violations of these requirements.

©2021 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume IX, Number 288

About this Author

Gretchen A. Ramos, Lawyer, Greenberg Traurig, Data, Privacy & Cybersecurity,The Cloud,Artificial Intelligence, Big Data

Gretchen A. Ramos is Co-Chair of the Data, Privacy & Cybersecurity Practice and focuses her practice on privacy, cybersecurity, and information management. A creative problem-solver with a long track record of success in commercial disputes, she never loses sight of the simple fact that she works in a service industry. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach to client service, including her bullet-pointed emails, snapshot executive summaries, and creativity in finding ways to streamline communications for in-house counsel with dozens of...