what you need to know to comply with
play

WHAT YOU NEED TO KNOW TO COMPLY WITH CALIFORNIAS NEW PRIVACY LAW ( - PowerPoint PPT Presentation

Dec 19, 2023 •220 likes •765 views

WHAT YOU NEED TO KNOW TO COMPLY WITH CALIFORNIAS NEW PRIVACY LAW ( CCPA) Presented By: Jim Brophy and Brett Smoot, Northwoods Sarah Sargent and Andy Schlidt, Godfrey & Kahn, S.C. WELCOME TO NORTHWOODS! 45 digital strategists, marketers,

  1. WHAT YOU NEED TO KNOW TO COMPLY WITH CALIFORNIA’S NEW PRIVACY LAW ( CCPA) Presented By: Jim Brophy and Brett Smoot, Northwoods Sarah Sargent and Andy Schlidt, Godfrey & Kahn, S.C.

  2. WELCOME TO NORTHWOODS! 45 digital strategists, marketers, UX • experts, developers & account directors Comprehensive digital strategy, • website design, software development & digital marketing services # LearnAtNorthwoods www.northwoodsoft.com

  3. NORTHWOODS’ CLIENTS Trusted by over 750 clients including:

  4. YOUR PRESENTERS Jim Brophy Group Director – Digital

  5. YOUR PRESENTERS Brett Smoot Digital Marketing Coordinator

  6. YOUR Sarah Sargent PRESENTERS Attorney Data Privacy & Cybersecurity gklaw.com

  7. YOUR Andy Schlidt PRESENTERS Attorney Chair - Technology & Digital Business Practice Shareholder - Data Privacy & Cybersecurity and Corporate Legal Practices gklaw.com

  8. SERVICES WE PROVIDE

  9. DATA PRIVACY & CYBERSECURITY We counsel clients on information security and privacy best practices, including the implementation of global privacy programs, We advise clients with a full drafting internal and external privacy policies spectrum of legal support. and notices, implementing written information security programs and incident response plans, Privacy & Cybersecurity Compliance and conducting M&A due diligence. Data Breach Response Technology Transactions Our team includes individuals with real-world WISPs, Table-Tops, and Incident experience in: Response Planning Software Development • Incident Response; and • Ethical Hacking •

  10. LEGAL DISCLAIMER The information contained within this presentation in no way constitutes legal advice. This presentation and the information contained therein does not create an attorney-client relationship. Any person who intends to rely upon or use the information provided in any way is solely responsible for independently verifying the information and obtaining independent expert advice.

  11. WHAT IS THE CALIFORNIA CONSUMER PRIVACY ACT? (CCPA)

  12. FREQUENTLY ASKED QUESTIONS We hope to answer the following questions during our presentation: • I am not located in California. Does CCPA apply to me? • I don’t have a physical location in California, so I’m not “doing business” there, right? • I don’t “sell” personal information about people, so I don’t have to worry about CCPA, right? • My company is B2B, so I don’t have to worry about CCPA, right? • Do we need to offer these data subject rights to everyone? Please let us know if we have not fully addressed these questions for you.

  13. FREQUENTLY ASKED QUESTIONS We hope to answer the following questions during our presentation: • How do I determine the identity of a data subject if I only have an IP address? How do I verify an identity? • Do we really need to delete ALL information about a person if they request it? What if we have a need to retain it? • Do I need to obtain opt-in consent to send marketing emails under CCPA? • Do I have to have a cookie banner for CCPA compliance? • What does my new privacy policy for CCPA have to say? Please let us know if we have not fully addressed these questions for you.

  14. WHAT IS THE CCPA? • California Consumer Privacy Act (CCPA) • AB-375 - The California Consumer Privacy Act of 2018 • Passed - June 28, 2018 • Amended - Sept 23, 2018 • Effective - Jan 1, 2020 Cal. Civ. Code Section 1798 Sec 2(a)

  15. THINGS TO KEEP IN MIND • The law has a number of pending amendments • 9 amendments or pieces of related legislation being considered • For example, AB-25 excludes employment information from the definition of personal information for one year • Just because your business is not located in CA does not mean you are off the hook

  16. THINGS TO KEEP IN MIND • There are trends toward: • Obtaining opt-in consent for data processing • Consider whether this is possible in your business • Using more specific and informative privacy policies, written in understandable language • Obtaining opt-in consent before dropping cookies • Required by GDPR & E-Privacy Directive • Allowing individuals to exercise rights over their data • It’s no longer “your data,” if it is about a person. They have rights over it.

  17. WHY SHOULD I CARE? • “As California goes, so goes the nation.” • States That Have Introduced Bills Mirroring CCPA • Hawaii • Maryland • Massachusetts • Mississippi • Maine • Nevada (Passed with an effective date of October 2019) • Other States Developing Different Privacy Laws • New York • North Dakota • Washington • Texas Source: The National Law Review

  18. KEY TERMS AND DEFINITIONS

  19. WHAT TYPES OF DATA FALL WITHIN THE CCPA? • The broad definition of personal information is: • Essentially any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. • CCPA focuses not just on individuals, but households and devices

  20. WHAT IS A SALE OF PERSONAL INFORMATION? • “Sell” means not just sales of personal information for $$ • Also means: • Renting, releasing, disclosing, making available, transferring, or otherwise communicating [personal information] in any medium • Sell is “by the business to another business or a third party” • For monetary or other valuable consideration

  21. IS MY BUSINESS IMPACTED BY THE CCPA?

  22. WHO DOES THE CCPA APPLY TO? Three-Part Equation 1) A “business” 2) Those “doing business In California” 3) Meets one or more of the three numerical thresholds

  23. DOING BUSINESS + THRESHOLDS • Annual gross revenues in excess of $25 million; • Personal information of 50,000 or more consumers, households, or devices; and/or • Sale of personal information accounts for 50% or more of annual revenues

  24. REQUIREMENTS

  25. CONSENT & SALE OF INFORMATION • CCPA states that if a business “sells personal information” to THIRD PARTIES it must provide notice to consumers of potential sale • Must also provide a right to opt out of the sale • Must have a “Do Not Sell” link on website, either on homepage, or California- specific homepage that is “clear and conspicuous” • Can’t require consumer to create an account to opt out • Must allow other persons to opt out on a consumer’s behalf

  26. NOTICES • CCPA is like GDPR in that you need to update your privacy policy to more particularly describe your privacy practices • CCPA requires disclosure of categories of personal information collected, used, disclosed, or sold • CCPA also requires that you update your privacy policy at least once every twelve months • A business cannot collect any personal information that is not disclosed to the consumer in a notice • A business cannot use any personal information collected for additional, non-disclosed purposes without providing notice

  27. DATA SUBJECT REQUEST RIGHTS • Rights Provided to CA Residents under CCPA • Right to Deletion (companies must also require service providers to delete personal information) • Right of Access & Data Portability • Right to Know Certain Information Upon Request

  28. LIMITATIONS TO DATA SUBJECT REQUESTS • Companies must take reasonable steps to verify the identity of the individual • Companies are not required to provide personal information to a consumer more than twice a year • There are exceptions to Right to Deletion

  29. VENDOR MANAGEMENT Vendors that have access to personal information should have the following contractual obligations: • Protect personal information • Assist in compliance efforts • Use personal information solely for the purposes of complying with obligations under agreement, and agreement will not constitute “sale”

  30. TRAINING • Must “inform” all individuals responsible for handling consumer inquiries about the business’ privacy practices or CCPA about “Do Not Sell” requirements under law • You should conduct initial CCPA training before January 1, 2020, for all employees dealing with data subject requests • Adding privacy session or content to on-boarding and annual trainings

  31. PENALTIES

  32. ENFORCEMENT Private Action Attorney General • If a business fails to have • If a business fails to cure an reasonable data security alleged violation within 30 practices and a data breach days of noncompliance occurs notification • Damages between $100 to • Maximum civil penalty of $750 per consumer per $2,500 for each violation incident or actual damages, whichever is greater • Maximum civil penalty of • Injunctive or declaratory relief $7,000 for each intentional violation • Any other relief the court deems proper

  33. DATES TO REMEMBER • Effective Date: January 1, 2020 • AG Enforcement Date: July 1, 2020 or six months after the publication of final AG regulations (whichever is sooner) • One-year look back date: January 1, 2019

  34. I AM GDPR READY! AM I CCPA READY? KINDA …

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CHANGES IN FOOD SAFETY LAW WHAT RESTAURANTS HAVE TO DO TO COMPLY WITH LEGISLATION Compliance to

CHANGES IN FOOD SAFETY LAW WHAT RESTAURANTS HAVE TO DO TO COMPLY WITH LEGISLATION Compliance to

CHANGES IN FOOD SAFETY LAW WHAT RESTAURANTS HAVE TO DO TO COMPLY WITH LEGISLATION Compliance to Regulation R638 Requirements Ensuring Hygiene and Food Safety WHAT RESTAURANTS MUST DO TO COMPLY If you handle food, food equipment or utensils,

282 views • 7 slides
6/12/2015 Construction/Permitting Violations Illicit Discharge/ Illicit Connection/

6/12/2015 Construction/Permitting Violations Illicit Discharge/ Illicit Connection/

6/12/2015 Construction/Permitting Violations Illicit Discharge/ Illicit Connection/ Improper Disposal Failure to Comply with a Permit Failure to Comply with Permanent Stormwater Management Requirements Failure to Comply with a

185 views • 4 slides
} Narrow defeasible duty to obey the law (or comply with political authority, e.g. the

} Narrow defeasible duty to obey the law (or comply with political authority, e.g. the

} Narrow defeasible duty to obey the law (or comply with political authority, e.g. the state) Denial = philosophical anarchism Affirmation (grounds, theories): fairness, justice, gratitude, consent, identity/membership, etc

378 views • 24 slides
How to Comply with the CMS Conditions for Coverage on Emergency Preparedness Bob Loeper, VP

How to Comply with the CMS Conditions for Coverage on Emergency Preparedness Bob Loeper, VP

How to Comply with the CMS Conditions for Coverage on Emergency Preparedness Bob Loeper, VP Operations Support Business Continuity/Disaster Response Fresenius Kidney Care November 9, 2018 Facilities Impacted by the Emergency Preparedness Rule

929 views • 45 slides
Canadas New Anti-Spam Legislation What you need to know to comply Gowlings at a glance Over

Canadas New Anti-Spam Legislation What you need to know to comply Gowlings at a glance Over

Canadas New Anti-Spam Legislation What you need to know to comply Gowlings at a glance Over 700 professionals across 10 offices worldwide Recognized expertise in business law, advocacy and intellectual property law Dedicated

665 views • 37 slides
The ASB's Audit Standards Clarity Project: h d d d l Prepare Now to Comply Meeting the

The ASB's Audit Standards Clarity Project: h d d d l Prepare Now to Comply Meeting the

Presenting a live 110 minute teleconference with interactive Q&A The ASB's Audit Standards Clarity Project: h d d d l Prepare Now to Comply Meeting the Challenges of International Convergence, New Objectives M ti th Ch ll f I t ti l

840 views • 44 slides
Have you Read??? If someone beat a child to prevent him from Would you comply with demands if

Have you Read??? If someone beat a child to prevent him from Would you comply with demands if

Have you Read??? If someone beat a child to prevent him from Would you comply with demands if tortured enough? doing something they didnt like, he would Probably. Does that make it effective? probably stop doing it, and you could then say Well

563 views • 30 slides
portfolio to comply wit ith BPR requirements: Case study of insecticides Hlne Cawoy

portfolio to comply wit ith BPR requirements: Case study of insecticides Hlne Cawoy

Rationalizing a bio iocidal products portfolio to comply wit ith BPR requirements: Case study of insecticides Hlne Cawoy Redebel Regulatory Affairs, BELGIUM CIR & Agbio Summit, 7-8 September, Nice, France 1 How do we translate a

751 views • 36 slides
Committee established to comply with federal regulations Protect the rights and welfare of

Committee established to comply with federal regulations Protect the rights and welfare of

7/11/2018 Allison Blodgett, PhD, CIP Director of IRB Operations University of Massachusetts Medical School Committee established to comply with federal regulations Protect the rights and welfare of all human subjects who volunteer to

623 views • 26 slides
Introductions 2 New Jersey State Office of EMS Agencies have a responsibility to comply with

Introductions 2 New Jersey State Office of EMS Agencies have a responsibility to comply with

Webinar New Jersey EMS Data Reporting Law 1 Introductions 2 New Jersey State Office of EMS Agencies have a responsibility to comply with the new law OEMS will support the efforts as much as they can The goal is to fill in gaps in

321 views • 13 slides
DIRBS Telecommunication/ICT devices that do not comply with a country's applicable national

DIRBS Telecommunication/ICT devices that do not comply with a country's applicable national

Sept 6, 2019 Addressing Illegal, Counterfeit and Stolen Devices with DIRBS Telecommunication/ICT devices that do not comply with a country's applicable national conformity processes and regulatory requirements or other applicable legal

985 views • 12 slides
Post-sale Duties: How to Comply and How to Defend Product Liability Litigation after Recalls

Post-sale Duties: How to Comply and How to Defend Product Liability Litigation after Recalls

Presenting a live 90-minute webinar with interactive Q&A Post-sale Duties: How to Comply and How to Defend Product Liability Litigation after Recalls TUESDAY, APRIL 4, 2017 1pm Eastern | 12pm Central | 11am Mountain | 10am

1.03k views • 92 slides
Client Alert How to Confjdently Use Your Website and Social Media to Comply With Contact Attorney

Client Alert How to Confjdently Use Your Website and Social Media to Comply With Contact Attorney

Client Alert How to Confjdently Use Your Website and Social Media to Comply With Contact Attorney Regarding Regulation FD This Matter: Joseph Alley, Jr. Last month, the SEC issued new guidance clarifying how companies can use 404.873.8688 -

259 views • 5 slides
Data flows between the EU and partner countries: how to comply with the EU standards on data

Data flows between the EU and partner countries: how to comply with the EU standards on data

Data flows between the EU and partner countries: how to comply with the EU standards on data protection and fundamental rights Anna Fielder 16-06 TISA Countries No general data protection law in red Australia, Canada, Chile, Chinese Taipei,

420 views • 6 slides
Project TEACH case presentation template Please keep in mind that we must comply with HIPPA

Project TEACH case presentation template Please keep in mind that we must comply with HIPPA

Project TEACH case presentation template Please keep in mind that we must comply with HIPPA regulations; therefore do not use Patient Identifiers during this presentation. Instructions: Please fill out this form as completely as possible prior to

289 views • 3 slides
Workshop II OSHAs New Electronic Reporting Rule How to Prepare and Comply Wednesday,

Workshop II OSHAs New Electronic Reporting Rule How to Prepare and Comply Wednesday,

Workshop II OSHAs New Electronic Reporting Rule How to Prepare and Comply Wednesday, March 22, 2017 11:15 a.m. to 12:30 p.m. Biographical Information William H. Haak, Founder, Haak Law LLC Cleveland, Ohio 216.772.3532

841 views • 18 slides
!!!"#$%#"&'()$*+,-./0&123/4

!!!"#$%#"&'()$*+,-./0&123/4

!"#$%&'#()$*+,-(.(#*/&001234"54%5-(3* 6007!"'085()$*234"54%5-(3*9334%#8"(#($5 !!!"#$%#"&'()$*+,-./0&123/4 $*+,4-./0&123/4-0&51&'1,204600&'735272*14 !"

259 views • 12 slides
Segment-Phrase Table for Semantic Segmentation, Visual Entailment and Paraphrasing Hamid

Segment-Phrase Table for Semantic Segmentation, Visual Entailment and Paraphrasing Hamid

Segment-Phrase Table for Semantic Segmentation, Visual Entailment and Paraphrasing Hamid Izadinia, Fereshteh Sadeghi, Santosh K. Divvala, Hannaneh Hajishirzi, Yejin Choi, Ali Farhadi Presentated by Edward Banner Outline What is a SPT?

958 views • 43 slides
Products of Partially Ordered Sets Posets in Uncertainty . . . Main Theorem (Posets) and

Products of Partially Ordered Sets Posets in Uncertainty . . . Main Theorem (Posets) and

Posets in Space-Time . . . Intervals in Space- . . . Products of Space- . . . Products of Partially Ordered Sets Posets in Uncertainty . . . Main Theorem (Posets) and Intervals in Such Products, Auxiliary Results: . . . with Potential

557 views • 23 slides
Convex regularization of discrete-valued inverse problems Christian Clason Faculty of

Convex regularization of discrete-valued inverse problems Christian Clason Faculty of

Convex regularization of discrete-valued inverse problems Christian Clason Faculty of Mathematics, Universitt Duisburg-Essen joint work with Thi Bich Tram Do, Florian Kruse, Karl Kunisch New Trends in Parameter Identification for Mathematical

925 views • 49 slides
The state of Kotlin support in Spring Sbastien Deleuze @sdeleuze Copenhagen Denmark Safe

The state of Kotlin support in Spring Sbastien Deleuze @sdeleuze Copenhagen Denmark Safe

The state of Kotlin support in Spring Sbastien Deleuze @sdeleuze Copenhagen Denmark Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and

1.46k views • 87 slides
60% Increase in Customer Engagement Session Title MIKE LOVERIDGE Head of Digital Test and Learn

60% Increase in Customer Engagement Session Title MIKE LOVERIDGE Head of Digital Test and Learn

How Humana's Strategic Testing Drove a 60% Increase in Customer Engagement Session Title MIKE LOVERIDGE Head of Digital Test and Learn Humana, Inc. Mike Loveridge Head of Digital Test and Learn Humana, Inc. Humana is The Super

443 views • 16 slides
Fill out the Brown Computer Science Survey you got in your email! percentageproject.com Only

Fill out the Brown Computer Science Survey you got in your email! percentageproject.com Only

Fill out the Brown Computer Science Survey you got in your email! percentageproject.com Only takes 5 min! If you didnt receive the survey, email All multiple litofish@cs.brown.edu choice! 2 Sets, Dictionaries & Hash Tables CS16:

976 views • 63 slides
COVID 19 UPDATE 5-4-2020 Todays Agenda Welcome Jean OLeary WICShopper App

COVID 19 UPDATE 5-4-2020 Todays Agenda Welcome Jean OLeary WICShopper App

COVID 19 UPDATE 5-4-2020 Todays Agenda Welcome Jean OLeary WICShopper App Update Cynthia Huskey High Risk Participant Report Margaret Dosland Polling questions Jean OLeary Questions and answers

432 views • 7 slides

More recommend