Despite the request for a delay in the enforcement of the California Consumer Privacy Act of 2018 (CCPA) made by five leading advertising and marketing trade associations, it appears CCPA enforcement will continue as planned. As evidence of this, the California Attorney General recently issued a press release reminding Californians of their rights and businesses’ obligations under the CCPA. In addition, the expected extension of existing but temporary CCPA partial exemptions for certain employee and B2B personal information until the end of 2020 may not materialize, given the extended recess of the California legislature and its intention to prioritize only relief-related bills. Absent legislative action, employee and B2B data will become fully subject to the CCPA on January 1, 2021.
The California AG Press Release
On April 10, 2020, California Attorney General Xavier Becerra issued a press release reminding consumers of the importance of their privacy rights amidst a public health emergency. The Attorney General highlighted that privacy rights are more important than ever when stay-at-home orders are forcing consumers to use “mobile phones and computers as a lifeline,” creating a “dependency on online connectivity.” It also reminds consumers of their rights under CCPA that can be used “both during the emergency and afterwards,” expressly referencing that:
-
Websites that collect and sell personal information should have a “Do Not Sell My Information” link, which California consumers can click on to opt-out of the sale of personal information;
-
California consumers “can minimize or reduce” the data collected by businesses during or after the emergency by requesting that their data be deleted; and
-
Twice during any 12-month period, California consumers can request access to the personal information about them that a business collects, uses, shares, or sells.
The release includes an extensive section on protecting virtual meetings. It stresses the importance of enabling the privacy and security settings of virtual meeting and conference software to avoid interruptions. The advice includes specific references to keeping meeting IDs private, protecting meeting IDs with passwords, turning off settings that may default to save chats, and using platform settings to enable additional protections (e.g., allowing only the host to share their screen, using waiting rooms, etc.).
The press release also includes security tips on:
-
Avoiding email scams: According to the California Attorney General, phishing emails are the most common coronavirus-related scam. The release provides tips on how to identify phishing emails and advises consumers against clicking on links or downloading files included in them.
-
Protecting home networks: The release advises consumers to keep all internet-connected devices up to date; ensure consumers have the latest versions of operating systems, browsers, and security software; and secure wireless routers by changing the name of the router and preset passphrase.
-
Protecting children online: The release provides links to online resources published by the California Attorney General (here) and the Federal Trade Commission (here) to help parents set boundaries and keep their children safe online.
New priorities in Sacramento
Also on April 10, California State Senate President Pro Tem Toni Atkins (D–San Diego) issued a letter that instructed state senators to reconsider their priorities and reduce the number of bills that will be taken up when the Senate returns to session. Both the Senate and Assembly are currently in a recess that has been extended to May 4 due to COVID-19 concerns. With a short legislative session potentially subject to new interruptions due to the pandemic and a re-alignment of priorities, it is unclear whether we will see any amendments to CCPA enacted this year. This could mean no extensions for the existing but temporary partial exemptions for employee-related personal information and business to business contact information, which are currently set to expire at the end of 2020.