Home Privacy California Releases Consumer Privacy Tool for Reporting CCPA Violations

California Releases Consumer Privacy Tool for Reporting CCPA Violations

It’s been nineteen months since the California Consumer Protection Act (CCPA) went into effect, and California is revealing the effectiveness as the legislation, and releasing a new tool to let consumers report violations directly to the state.

On July 19th, California Attorney General Rob Bonta held a press conference to demonstrate the effectiveness of the CCPA and introduce the new Consumer Privacy Tool, which allows individuals to report violations of the law.

Cure Periods Increase CCPA Compliance

Under the CCPA a non-compliant business is given a 30-day “cure period” following notice of non-compliance from the California Attorney General, during which the business is given the chance to cure the alleged non-compliance without penalty.

According to AG Bonta, 75% of businesses that received notice of a CCPA violation responded by bringing their data practices into compliance within the 30-day cure period. As for the remaining 25% of alleged CCPA violators, they are “either within their 30-day window or under an active investigation,” said Bonta.

“We’ve sent quite a few [violations],” said Bonta, “but the good news is when we send out notices to cure we get a response.”

The AG went on to outline, without naming names, several real-world examples of compliance violations and how they were resolved within the cure period.

In one example, users of a social media platform complained that the company was slow to respond to CCPA requests, and those users were not notified that their CCPA requests had been received or completed. After receiving a notice to cure from the CA DOJ, the business walked the AG’s office through their process and fixed their procedures.

In another example, an online dating app forced users to accept sharing of their personal information when signing up for the service. The company did not have the “Do not sell my personal information” link that every company must display if they engage in that practice. The company created the link once contacted by the California Attorney General’s office.

“Businesses are motivated and able to comply with the law,” said Bonta. “My belief is that the vast majority of businesses really want to comply and will comply,” he continued. “They want to know how to comply, and once they know how, they do.”

Bonta’s office has also published a separate list of 27 notice examples with descriptions.

Cure Periods to Expire When CPRA Takes Effect

While the 30-day cure period currently offered by the CCPA has helped many companies come into compliance without penalties, it should be noted that once the CPRA supersedes the CCPA on January 1st, 2023, businesses will no longer be offered a cure period. That means violations of the law will result in immediate penalties– — up to $2,500 per violation or $7,500 per intentional violation involving personal information. It is of the utmost importance that businesses take CCPA and CPRA compliance seriously and implement the necessary tools and processes for compliance as soon as possible.

California’s New Consumer Privacy Tool

In addition to touting the effectiveness of the CCPA, Bonta also used his press conference to unveil a new online tool which will let consumers report violations of the CCPA directly to the State. For now, the new Consumer Privacy Tool is limited to reporting instances of missing or unclear “Do Not Sell My Personal Information” buttons on companies’ websites, but the tool may be updated to include other potential CCPA violations.

The tool “asks guided questions to walk consumers through the basic elements of the CCPA before generating a notification that the user can then email to the business,” said Bonta.

This notification from consumer to business may trigger the 30-day cure period, according to Bonta, but he did not give a clear delineation of when the notification does or does not mark the beginning of the cure period and why.

“I’m not saying to use it or not to use it, but it’s there to be used,” Bonta said. “If you don’t want your information to be sold, you have to act. For those out there that think your information won’t be sold automatically because of the CCPA, that’s not true. You have to take that step and click that button on those websites.”

How Ensighten Can Help

The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)  give California citizens control over the data that companies collect on them, control over the privacy of that data, and the ability to require that organizations manage their data responsibility.

To stay compliant with these laws, you can’t rely on vendors that offer nominal compliance or privacy management through simple workflow mechanisms that rely on connections to additional systems, to enact any policy put in place and greatly aggravate data leakage vulnerabilities. Ensighten’s comprehensive solution enforces privacy preferences and requests in real-time without the need to interact with any other supply chain technology, therefore eliminating the risk of data leakage. 

With Ensighten Consent Management Plus (CMP+), you can set up opt-out of sale links for California consumers and give your customers a clear-cut choice on how their data is used, or whether it is collected. And our low-code, zero-integration deployment means Ensighten CMP+ is easy to use. A simple line of code added to your website is all you need to stop data from being collected before your customers give their consent, allowing real-time enforcement of customer consent regardless of tag management systems or 3rd party tags.

Request a demo to see how Ensighten can help your organization meet compliance with the Colorado Privacy Act.

Want to know more about CCPA/CPRA? Check out these resources:

15 Minute Guide to CCPA Compliance

Webinar: The CCPA and Your Business


Source link


What is Cookie Piggybacking? | Cookie Syncing, Tag Piggybacking

Cookie piggybacking, also referred to as cookie syncing and piggybacking tags is a term used to describe a common web development practice that...

Understanding the New CCPA/CPRA Amendments in AB 694

On October 5th, California Governor Gavin Newsom signed Assembly Bill 694 (AB 694), an omnibus bill from the Committee on Privacy and Consumer...

Saudi Arabia’s New Data Protection Law – What you need to know – Privacy Matters

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s (KSA) newly published Personal Data Protection Law...

Most Popular

‘Critical Severity’ Warning for Malware Embedded in Popular JavaScript Library

Security responders are scrambling this weekend to assess the damage from crypto-mining malware embedded in an npm package (JavaScript library) that counts close...

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining malware embedded in "UAParser.js," a popular JavaScript NPM library with over...

Recent Comments