Webinar Recap – CCPA Update: What You Need to Know About CPRA & July 1st Enforcement

As part of the Privacy Insight Series, TrustArc presented the webinar “CCPA Update: What You Need to Know about CPRA & July 1st Enforcement” last week with speakers Teresa Troester-Falk, President and Founder of BlueSky Privacy, and K Royal, Associate General Counsel at TrustArc. This blog post will give a brief summary of that webinar addressing the California Consumer Privacy Act (CCPA), its new regulations and the ballot initiative, the California Privacy Rights Act (CPRA); you can listen to the entire webinar and download the slides here.

Definitions 

With the possibility of a July 1 enforcement date quickly approaching, there was a lot to cover in this webinar. K and Teresa discussed the current status of the consumer privacy acts in California, how the CCPA regulations compare to the CPRA, what to expect on July 1st, how to prepare for all possible scenarios and provided resources to ensure compliance by July 1st and beyond. They expanded upon the various definitions for terms within the CCPA regulations and CPRA. For the CCPA, the definition of “business” was clarified in the regulations that the revenue prong of $25M applies to all revenue, and not simply revenue within California. This was a point of confusion for business leaders trying to interpret the often vague text of the CCPA. 

July 1 Enforcement 

In regards to enforcement, K and Teresa discussed the recent communications from the California AG’s office: “The OAG has determined that any delays in implementation of the regulation will have a detrimental effect on consumer privacy as more and more Californians are using online resources to shop, work, and go to school.” Despite the COVID-19 pandemic, it is clear that the AG’s office is serious about protecting Californian’s personal data and unlikely to waiver on the impending enforcement date.

One of the hot topics in California privacy has been whether or not the use of Cookies on websites constitute a “sale” as defined by the CCPA. The attorney general’s comments in the “Final Statement of Reasons” confirm that the office considers this determination to be highly fact-specific and recommends that companies should seek clarification from counsel. However, under the CPRA, there is a new definition of “sharing” that addresses the cookie scenarios – 

“Share,” “shared,” or “sharing” means sharing, renting, releasing, disclosing, disseminating, making oval/able, transferring, or otherwise communicating orally, In writing, or by electronic or other means, a consumer’s personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration, including transactions between a business and o third party for cross-context behavioral advertising for the benefit of a business In which no money is exchanged. (§1798.140(ah)(1)).

TrustArc CCPA “Opt-Out” Solution  

One of the main aspects of CCPA compliance is fulfilling consumer rights requests as consumers have the right to opt-out of the sale of their personal information. As such, the ability for consumers to exercise this right must be found in an easy-to-find location on your website. With TrustArc Cookie Consent Manager now integrated with TrustArc Individual Rights Manager, you can display the “Do Not Sell My Personal Information” link on your cookie banner, providing transparency and improved user experience to your consumers.

In addition, TrustArc Cookie Consent Manager allows you to configure the consent experience based on any geographical compliance requirements as different regulations have different rules. Utilizing TrustArc Cookie Consent Manager allows you to display the applicable consent banner based on the location of the website visitor. For example, you can display a GDPR opt-in notice banner to EU residents and a CCPA notice-only banner to California residents. 

Companies are understandably in varying stages of preparedness, and with less than a month to go, prioritizing compliance elements is key. Wherever you are in your CCPA compliance journey, TrustArc can offer support at any stage of your compliance plan.

For more information on how TrustArc can help, visit TrustArc.com or contact us here.

Webinar Recap – CCPA: Countdown to Enforcement

As part of the TrustArc Privacy Insight Series, TrustArc Senior Privacy Consultant Beth Sipula, TrustArc Privacy Counsel Edward Hu, and TrustArc Director Privacy Intelligence Development Joanne Furtsch presented the webinar “CCPA: Countdown to Enforcement” last week. This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here.

The CCPA is set to be the toughest privacy law in the United States. It broadly expands the rights of consumers and requires companies within scope to be significantly more transparent about how they collect, use, and disclose personal information. The CCPA is effective January 1, 2020, and enforcement is slated to begin no later than July 1, 2020.

During this webinar, the panelists discussed the current hot topics surrounding the CCPA, such as: notice, service providers, browser controls, identity verification, and the right to deletion. Regarding the right to deletion, Beth went into detail on the proposed regulations’ two step process: the first step allows the individual to submit the request for deletion; and the second step separately confirms the personal information will be deleted. Furthermore, Beth explained that when denying requests, businesses must provide the consumer with a notice stating the reasons for denial, including any applicable exceptions, delete any information not subject to exception, and not use the retained personal information for any purpose not provided for by a relevant exception. 

The panel went on to discuss the recent CCPA public hearings, as Joanne attended the Sacramento hearing and Edward attended the San Francisco hearing. They touched on the variety of speakers during both hearings, which showed the wide range of use cases that the speakers brought forth, and the sizable impact of the CCPA. There were many similarities in both hearings, such as requests for model notices from the AG’s office in order to help streamline notice compliance requirements. 

With the January 1, 2020 effective date quickly approaching, Edward provided several action items for companies, such as: 

  • Inventorying your data
  • Putting a consumer request process in place
  • Reviewing vendor contracts to determine who is a service provider
  • Updating privacy notices
  • Making a determination about whether using third-party ad tech cookies constitutes a “sale”

To learn more about the CCPA, view the on-demand Privacy Insight Series webinar here.  TrustArc has a robust library of on-demand webinars available here. You can learn more about the CCPA look back requirement, automating privacy managing, GDPR compliance, and many other hot topics.

The TrustArc Privacy Insight Series is a set of live webinars featuring renowned speakers, presenting cutting edge research, tips, and tools. Events are free and feature informative discussions, case studies and practical solutions to today’s tough privacy challenges.

Upcoming Webinar – CCPA: Countdown to Enforcement

blank

TrustArc is proud to present the next Privacy Insight Series webinar “CCPA: Countdown to Enforcement” with TrustArc Senior Privacy Consultant Beth Sipula, TrustArc Privacy Counsel Edward Hu, and TrustArc Director Privacy Intelligence Development Joanne Furtsch. This webinar will take place on Wednesday, December 11th at 9am PT (12pm ET/5pm GMT). Don’t miss this opportunity to learn more about global privacy strategy – register today!

CCPA will be in effect before we know it as we count down the days until January 1, 2020. To help businesses prepare to be in compliance by January 1, 2020, the CA State AG released proposed regulations for implementing CCPA and is now holding public hearings to hear statements and comments on the proposed regulations. TrustArc will be at two of the four public hearings to hear the latest regarding implementing CCPA requirements and will bring you the latest updates in this webinar.

Register for this webinar to gain valuable insights and learn about:

  • Key requirements of the proposed regulations
  • Key takeaways from the Sacramento and San Francisco public hearings
  • What happens next in the rulemaking process and what companies need to be doing to be ready for January 1, 2020

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar.

TrustArc publishes a broad range of privacy educational resources, including research reports, benchmark statistics, solutions briefs, product updates, webinars, workshops and much more. Check out the following resources on hot topics including CCPA, GDPR, Vendor Risk Management, DSAR Best Practices, Cookie Consent, and much more. Register for the free TrustArc Privacy Insight Series subscription and find out why over 20,000 privacy professionals per year take advantage of TrustArc privacy education resources. 

 

Upcoming Webinar: How to Comply with CCPA as Part of a Global Privacy Strategy

blank

TrustArc is proud to present the next Privacy Insight Series webinar “How to Comply with CCPA as Part of a Global Privacy Strategy” with TrustArc Director U.S. Eastern Region Consulting Group & Senior Privacy Consultant Paul Iagnocco, and TrustArc Senior Privacy Consultant Martin Gomberg. This webinar will take place on Wednesday, November 13th at 9am PT (12pm ET/5pm GMT). Don’t miss this opportunity to learn more about global privacy strategy – register today!

With the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other laws such as the Brazilian General Data Protection Law (LGPD), businesses must be prepared to comply with a variety of laws around the world.

Privacy is a complex, multi-level concept which is now being regulated in more than 130 countries with more than 500 privacy laws. To be successful in complying with so many laws, businesses must develop a multi-jurisdictional approach that is consistent and predictable yet also not one-size-fits-all.

This webinar will help answer questions like:

  • What are the additional privacy laws outside of the GDPR and CCPA law requirements you need to be aware of?
  • How do you manage data privacy to meet all applicable global requirements?
  • How do you implement a multi-jurisdictional custom approach to address all applicable laws and regulations?

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar.

TrustArc publishes a broad range of privacy educational resources, including research reports, benchmark statistics, solutions briefs, product updates, webinars, workshops and much more. Check out the following resources on hot topics including CCPA, GDPR, Vendor Risk Management, DSAR Best Practices, Cookie Consent, and much more. Register for the free TrustArc Privacy Insight Series subscription and find out why over 20,000 privacy professionals per year take advantage of TrustArc privacy education resources. 

November Event Spotlight

blank

TrustArc regularly attends and hosts events around the world and online – please visit us at one or more of the following events. 

_____________________________

IAPP CCPA Comprehensive Live 2019
November 7
New York

The California Consumer Privacy Act will come into effect on January 1, 2020. That gives you very little time to get a lot of work done to comply with this sweeping legislation expected to carry harsh enforcement and fines.

he IAPP CCPA Comprehensive Live 2019 November 7 in New York will provide practical, in-depth CCPA-specific training presented by IAPP experts that will help operationalize your commitment to CCPA compliance.

TrustArc will be sponsoring and exhibiting at this event. Stop by the TrustArc table to say hello!

Learn more here

_____________________________

Privacy Insight Series Webinar
How to Comply with CCPA as Part of a Global Privacy Strategy
November 13 @ 9am PT | 12pm ET | 4pm GMT
Online Webinar

With the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other laws such as the Brazilian General Data Protection Law (LGPD), businesses must be prepared to comply with a variety of laws around the world.

Privacy is a complex, multi-level, concept which is now being regulated in more than 130 countries with more than 500 privacy laws. To be successful in complying with so many laws, businesses must develop a multi-jurisdictional approach to privacy laws that is consistent and predictable yet also not one-size-fits-all.

This webinar will help answer questions like:

  • What are the additional privacy laws outside of the GDPR and CCPA law requirements you need to be aware of?
  • How do you manage all data privacy to meet all applicable global requirements?
  • How do you implement a multi-jurisdictional custom approach to address all applicable laws and regulations?

> Register here

_____________________________

IAPP Europe Data Protection Congress
November 20-21
Brussels

In a year of enforcement action, fines and litigation, the Congress keeps your operation a step ahead.

Europe’s top event in data protection law and policy returns to Brussels, home of the IAPP’s European headquarters, 20-21 Nov. Privacy profession will gather for wide-ranging discussions of strategic developments in regional and international data protection, plus training classes and a deep-dive workshop day preceding the main conference dates.

TrustArc Senior Counsel Darren Abernethy will be speaking on “Winning with Privacy: Implementing Consent and DSARs to Comply AND Win Customers” on 20 November at 17:00.

TrustArc will be sponsoring, speaking and exhibiting at this event. Stop by the TrustArc booth to say hello!

> Learn more here

_____________________________

div>