California Offers Updates to New Privacy Law

March 9, 2020 LRN Corporation

The California Consumer Privacy Act became law Jan. 1, but the actual process of drafting the regulation continues, with a final version expected before the July 1 enforcement date.


After requests from data privacy and cybersecurity experts for additional clarity in the law, the California Attorney General’s office released some of the first major proposed updates to the CCPA, with implications for both consumers and companies. 


One of the more significant proposed updates to the data privacy law is a clearer definition of “personal information” in a new section, “Guidance Regarding the Interpretation of CCPA Definitions.” The key takeaway, according to a VentureBeat article, is whether or not data is classified as personal information will depend on if it is linked--or can be linked--to a consumer or household. The section allows for other definitions essential to understanding and implementing the regulations to be added later. 


The proposed updates clarify how consumers will receive opt-out and other data privacy notices, and specify how, and when, companies will deliver a consumer’s request for data. New exceptions to the rule are listed out for businesses, specifically when it comes to responding to a consumer’s request to know what personal information has been collected about them, their children and their devices. Similarly, the update adds some color to when service providers can retain, use, or disclose personal information. 

Many companies may struggle to keep pace with the proposed CCPA revisions, and with future regulations. To prepare for these changes, organizations might start by assessing their own data structures and separating what they’re asking of customers from what’s being tracked without consent. 

A DigitalCommerce360 article suggests businesses should consider how much of the information they collect is necessary, and will realistically benefit the consumer experience, as opposed to what’s being captured simply for the sake of being captured.

Balancing a personalized consumer experience with data protection may be particularly tricky for some companies, especially retailers. Companies may need to ramp up their transparency by informing consumers of privacy policy changes, and educating them on how to control their personal data to cultivate trust and retain interest among consumers.

States including New York and Nebraska are moving forward with privacy legislation, as are India and other countries. With data privacy top-of-mind both in the U.S. and abroad, consumers are sure to continue to voice their concerns. 

To stay ahead of future data privacy laws and maintain consumer trust, companies will be wise to work toward CCPA compliance. Pursuing a consumer-first approach while prioritizing data organization and data policy transparency could be keys to success.

About the Author

By combining values-based education, rich insights, and expert advisory services into innovative, comprehensive solutions, LRN can help elevate behavior and the bottom line for your company.

More Content by LRN Corporation
Previous Post
More Data Privacy Regulations, Violations to Come
More Data Privacy Regulations, Violations to Come

With more data privacy regulations being proposed, the smartest companies are taking steps to understand cu...

Next Post
Building a Moat is Good for Business
Building a Moat is Good for Business

Because ESG-related risks are constantly changing, companies need to adjust to new regulations, stakeholder...