On August 14, 2020, the California Office of Administrative Law (“OAL”) approved the final California Consumer Privacy Act (“CCPA”) regulations submitted by the California Department of Justice and filed with the California Secretary of State “(SOS”). The CCPA regulations create data privacy rights for California consumers, such as the right to know, right to delete and right to opt-out of the sale of their personal information collected by businesses. It also provides additional data privacy protections for minors.
The CCPA went into effect on January 1, 2020, with enforcement of the statute beginning on July 1, 2020. The California Attorney General was authorized by the filing with the SOS to immediately begin enforcement of the final regulations.
The California Attorney General made additional revisions to the final regulations after submission to the OAL which were published as an Addendum to the Final Statement of Reasons (“Addendum”) and included in the filing with the SOS. Some of the changes to the text are non-substantive and have no regulatory effect, such as renumbering of provisions, and revising grammar and punctuation. The Addendum also incorporates more substantive changes such as the withdrawal of certain sections. The withdrawn sections include:
999.305(a)(5): A business shall not use a consumer’s personal information for a purpose materially different than those disclosed in the Notice of Collection of Personal Information without notifying the consumer and obtaining consent for the new purpose.
999.306(b)(2): A business that substantially interacts with a consumer offline shall also provide notice of the right to opt-out of the sale of personal information by an offline method that facilitates consumer awareness, such as providing a paper version of the notice.
999.315(c): A business’s methods for submitting requests to opt-out shall be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out. A business cannot utilize a method designed to subvert or impair a consumer’s decision to opt-out.
999.326(a): A business may add requirements for a consumer to provide signed permission and directly confirm authorization for an authorized agent before the agent could submit a "request to know” or “request to delete” personal information.
The Addendum provides that the withdrawn sections may be resubmitted “after further review and possible revision.”
DocMagic published its revised privacy policy, including as relevant to DocMagic eSign and LoanMagic, to comply with the CCPA on December 31, 2019. DocMagic will continue to provide updates regarding additional changes to the final regulations and enforcement of the CCPA as new information becomes available.
