Featured Product
This Week in Quality Digest Live
Management Features
Eric Whitley
Seven tips for efficient maintenance
Zhanna Lyubykh
Consequences and costs of abusive supervision
Dario Lirio
Modernization is critical to enhance patient experience and boost clinical trial productivity
Oliver Binz
Better internal information systems help managers tell consumer demand from inflationary pressure
Dale Crawford
Electrical contractors and other skilled trades are losing institutional knowledge

More Features

Management News
Attendees will learn how three top manufacturing companies use quality data to predict and prevent problems, improve efficiency, and reduce costs
More than 40% of directors surveyed cite the ability of companies to execute as one of the biggest threats to improving ESG performance
MIT Sloan study shows that target-independent compensation systems can be superior
Steps that will help you improve and enhance your employee recruitment, retention, and engagement
300 Talent acquisition leaders and HR executives from companies gather in Kansas City
FedEx demonstrates commitment to customer-focused continuous improvement
SONY-based 8MP color, UVC USB, high-speed camera provides high dynamic range and dual-stream support
Configuration lifecycle management provider saw 42% increase in annual recurring revenue
Designed to offer a comprehensive safety solution for fleet vehicles and workforce personnel

More News

Matt Dumiak


CCPA Recent Updates: What You Need to Know

Amendments to the California Consumer Privacy Act go into effect no later than July 2020

Published: Wednesday, October 31, 2018 - 12:00

(CompliancePoint: Duluth, GA) -- It should come as no surprise to anyone that the California State Legislature has passed, and the California governor has signed, amendments to the California Consumer Privacy Act (CCPA). Having previously been a ballot initiative, one of the main drivers to get the CCPA passed as traditional legislation was to allow the law to go through the standard legislative process, as opposed to the previous ballot initiative that would have made the law difficult and arduous to amend.

First, the legislature gave the California attorney general some additional time to develop the implementing law as well as pushed back the enforcement date by up to six months, which will be no later than July 1, 2020, for now. Although the enforcement date could be set before July 1, 2020, we will have to wait and see when the regulation is implemented by the attorney general. Companies should be preparing to be compliant by Jan. 1, 2020, and be standing by for enforcement by July 1, 2020.

Further, the amendments add some language around the fine amounts. They can be up to $7,500 per intentional violation. Along these lines, the legislature also removed the requirement to notify the state attorney general within 30 days of filing an action against a company, which used to give the attorney general the power to approve or dismiss the action right out of the gate.

The amendments also provide more clear exemptions to the CCPA in terms of the previously nebulous exemptions regarding personal data and the Gramm-Leach-Bliley (GLB) Act, the Health Insurance Portability and Accountability Act (HIPAA), and the Driver’s Privacy Protection Act (DDPA), which should help companies that are affected by those regulations scope out some of the personal data within their environments. Keep in mind, however, that these exemptions should be reviewed carefully and applied after thorough analysis.

Last but certainly not least, the amendments updated the notice requirements around the right to be deleted, in order to give businesses some freedom regarding where the disclosure is made; the amendments state it should be made in a reasonable place for the consumer. The amendments also provided clarification around preemption of the law and the U.S. constitution.

As mentioned in the beginning of this overview, it is no surprise that amendments were made to this regulation, and we’ll continue to monitor for future amendments that are likely to occur.

To make the appropriate notice disclosures and honor the right to opt out of access, deletion, and sale of personal data, companies must be intimately aware of the personal data processed within their environments and how the personal data are sold and shared for business purposes. This is not a task that can be accomplished overnight, and companies must begin working to determine if and how this regulation applies to them and begin planning how they will comply.


About The Author

Matt Dumiak’s picture

Matt Dumiak

Matt Dumiak is the director of privacy services and customer engagement compliance at CompliancePoint, where he focuses on U.S. and international direct marketing compliance regulations. He works with clients in a variety of industries and is dedicated to providing reliable and practical consulting services.