January 27, 2022

Volume XII, Number 27

Advertisement
Advertisement

January 26, 2022

Subscribe to Latest Legal News and Analysis

January 25, 2022

Subscribe to Latest Legal News and Analysis

January 24, 2022

Subscribe to Latest Legal News and Analysis

New California Privacy Regulator Invites Feedback to Proposed Rules under the California Privacy Rights Act

The California Privacy Protection Agency (the “Agency” or CPPA), the new California state agency created under the California Privacy Rights Act of 2020 (CPRA) to oversee and enforce the California Consumer Privacy Act (CCPA) and the CPRA, has recently called for preliminary public comments on a proposed rulemaking under the CPRA. See the invitation from the Agency and details on how to provide comments; the deadline for submissions is Nov. 8, 2021.

The Agency is welcoming all comments about any area over which it has rulemaking authority but has stated that it is particularly interested in comments regarding new or undecided issues not already covered by the CCPA. The Agency has provided a list of topics as guidance for comments, including:

  • Cybersecurity audits and risk assessments performed by businesses;

  • Automated decision-making;

  • Audits performed by the Agency;

  • Consumers’ right to delete, right to correct, and right to know, and what information should be provided in a right to know request;

  • Consumers’ rights to opt out of the selling or sharing of their personal information and to limit the use and disclosure of their sensitive personal information;

  • Consumers’ rights to limit the use and disclosure of sensitive personal information; and

  • The definitions and categories of information described in the CCPA/CPRA.

The Agency has also suggested a list of subtopics for each of the above categories of information it believes will be helpful in creating the new regulations. These questions include:

  • What the scope of the Agency’s audit authority should be;

  • How often, and under what circumstances, a consumer may request a correction to their personal information; and

  • What rules and procedures should be established to allow consumers to limit businesses’ use of their sensitive personal information?

The CPPA stated in its invitation that submitted comments “will assist the Agency in developing new regulations, determining whether changes to existing regulations are necessary, and achieving the law’s regulatory objectives in the most effective manner.” The slew of meetings the Agency has held in September, together with this notice of invitation to comment, serves as a reminder to companies that the CPRA is forthcoming, and that the Agency is taking a proactive role in overseeing it. The invitation also acts as an opportunity for companies to provide input on their concerns regarding the CPRA or proposed language for specific elements of the law. The Agency has until July 1, 2022, to finalize the regulations for the CPRA.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XI, Number 272
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Philip E. Bryans Cybersecurity Attorney Greenberg Traurig Chicago
Associate

Philip E. Bryans advises clients on matters relating to U.S. and international data privacy and cybersecurity issues including navigating the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and state breach notification laws. He is a Certified Information Privacy Professional (CIPP/US). Philip also has experience with corporate mergers and acquisitions, venture capital, and securities, which he utilizes to better serve corporate clients in the privacy and cybersecurity areas...

312-476-5091
Advertisement
Advertisement
Advertisement