InfoBytes

Section Content

Filter

Tags

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

March 18, 2021

California again modifies CCPA regs; appoints privacy agency’s board

On March 15, the California attorney general announced approval of additional regulations implementing the California Consumer Privacy Act (CCPA). The CCPA—enacted in June 2018 (covered by a Buckley Special Alert) and amended several times—became effective January 1, 2020. According to the announcement, the newly-approved amendments strengthen the language of CCPA regulations approved by OAL last August (covered by InfoBytes here). Specifically, the new amendments:
- Require businesses selling personal information collected in the course of interacting with consumers offline to provide consumers about their right to opt out via offline communications. Consumers must also be provided instructions on how to submit opt-out requests.
- Provide an opt-out icon for businesses to use in addition to posting a notice of right to opt-out. The amendments note that the opt-out icon may not be used in lieu of requirements to post opt-out notices or “do not sell my personal information” links.
- Require companies to use opt-out methods that are “easy” for consumers to execute and that require “minimal” steps to opt-out. Specifically, a “business’s process for submitting a request to opt-out shall not require more steps than that business’s process for a consumer to opt-in to the sale of personal information after having previously opted out.” Additionally, except as otherwise permitted by the regulations, companies are prohibited from requiring consumers to provide unnecessary personal information to implement an opt-out request, and may not require consumers to click through or listen to reasons as to why they should not submit an opt-out request. The amendments also state that businesses cannot require consumers “to search or scroll through the text of a privacy policy or similar document or webpage to locate the mechanism for submitting a request to opt-out.”
The AG’s press release also notes that the California Privacy Rights Act (CPRA), which was approved by voters last November and sought to amend the CCPA, will transfer some of the AG’s responsibilities to the California Privacy Protection Agency (CPPA), covered by InfoBytes here; however, the AG will retain the authority to go to court to enforce the law. Enforcement of the CPRA will begin in 2023.

Additionally, on March 17, the California governor announced appointments to the five-member inaugural board for the CPPA, consisting of experts in privacy, technology, and consumer rights. The CPPA is tasked with protecting the privacy rights of consumers over their personal information, and “will have full administrative power, authority, and jurisdiction to implement and enforce” the CCPA and the CPRA, including bringing enforcement actions before an administrative law judge.

State Issues State Regulators CCPA State Attorney General Privacy/Cyber Risk & Data Security CPRA CPPA Consumer Protection
November 6, 2020

California voters approve expanded privacy rights

On November 3, California voters approved a ballot initiative, the California Privacy Rights Act of 2020 (CPRA), that expands on the California Consumer Privacy Act (CCPA). While there are a number of differences between the CPRA and the CCPA, some key provisions include:
- Adding expanded consumer rights, including the right to correction and the right to limit sharing of personal information for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
- Changing the definitions of various entities, including increasing the numerical threshold for being a business to 100,000 from 50,000 consumers and households and removing devices from this threshold.
- Adding the category of sensitive personal information that is subject to specific rights.
- Creating a new privacy agency, the California Privacy Protection Agency, to administer, implement, and enforce the CPRA.
It is important to note that the Gramm-Leach-Bliley Act and Fair Credit Reporting Act exemptions are in the CPRA, and the act extends the employee and business-to-business exemption to January 1, 2023.

Implementation deadlines

The CPRA becomes effective January 1, 2023, with enforcement delayed until July 1, 2023. However, the CPRA contains a look-back provision (i.e., the CPRA will apply to personal information collected by a business on or after January 1, 2022). The new privacy agency also is required to begin drafting regulations starting on July 1, 2021, with final regulations to be completed one year later.

Learn more

Please refer to a Buckley article for further information on the differences between the CCPA and the CPRA: 6 Key Ways the California Privacy Rights Act of 2020 Would Revise the CCPA (Corporate Compliance Insights), as well a continuing InfoBytes coverage here.

Privacy/Cyber Risk & Data Security CCPA CPRA California Consumer Protection Ballot Initiative

23 NYCRR Part 500
AARMR
Aaron Mahler
ABA
Ability To Repay
ABS
Abusive
ACA International
Acceleration
ACFIN
ACH
Add-On Products
Adjustable Rate Mortgage
Administrative Procedures Act
Adverse Action
Advertisement
Advisory Board
Advisory Committee
Advisory Council
Advisory Opinion
AECA
Affiliated Business Relationship
Affinity Products
Affirmative Defense
Affordable Housing
Agency Rule-Making & Guidance
Agent
Alabama
Alaska
ALJ
Alternative Data
AMA
Amanda Raines Lawrence
American Depositary Receipts
American Depository Receipts
American Rescue Plan Act of 2021
Americans with Disabilities Act
Amicus Brief
Ancillary Products
Andorra
Andrew Grant
Andrew Louis
Andrew Schilling
ANPR
Anti-Corruption
Anti-Money Laundering
Anti-Money Laundering Act of 2020
Anti-Retaliation
Antiterrorism Act
Antitrust
APEC CBPR
APHIS
Appellate
Appraisal
Appraisal Management Companies
APR
APY
Aquisition
Arbitration
Arizona
Arkansas
ARRC
Artificial Intelligence
Assessments
Asset Management
Asset-Based Lending
Assignee Liability
ATM
Attorney Fees
Attorney-Client Privilege
Auto Finance
Auto Leases
Autodialer
Automated Telephone Dialing
BAFT
Ballot Initiative
Bank Charter
Bank Compliance
Bank Consultants
Bank for International Settlements
Bank Holding Companies
Bank Holding Company Act
Bank Privilege
Bank Regulatory
Bank Resolution
Bank Secrecy Act
Bank Supervision
Banking
Bankruptcy
Basel
Basel Committee
BCBS
Belarus
Ben Olson
Beneficial Ownership
Biden
Big Data
Biggert-Waters Act
Biometric Data
BIPA
Bitcoin
Blockchain
Board of Governors
Bona Fide Error
Bond
Borrower Defense
Braskem SA
Brazil
Breach of Contract
Bribery
Broker
Broker-Dealer
Brokered Deposits
Budget
Burma
Business Continuity
Business Opportunity Rule
CA UCL
CAATSA
California
California Money Transmission Act
Call Report
Canada
Cannabis Banking
Capital
Capital Requirements
CARD Act
CARES Act
Cash Checking
Cash-Out Refinance
CCAR
CCFPL
CCPA
CCPA/EU
CDBO
CDC
CDD Rule
CDFI
Cease and Desist
CECL
CFPA
CFPB
CFPB Succession
CFTC
Check Cashing
China
Chris Witeck
CIDs
CISA
Cities & Counties
Civil Fraud Actions
Civil Money Penalties
Civil Procedure
CLA
Class Action
Class Certification
Climate-Related Financial Risks
Closed-End Credit
Cloud Computing
CMBS
Collateral Estoppel
College Scorecard
Colorado
Combating the Financing of Terrorism
Comment Letter
Commercial Finance
Commercial Lending
Commercial Mortgage Backed Securities
Commodity Exchange Act
Community Banks
Compensation
Compliance
Compliance Aids
Comptroller's Handbook
Comptroller's Licensing Manual
Conforming Loan
Congress
Congressional Inquiry
Congressional Oversight
Congressional Review Act
Connecticut
Consent
Consent Order
Consolidated Appropriations Act
Constitution
Construction
Consumer Complaints
Consumer Credit
Consumer Data
Consumer Data Protection Act
Consumer Education
Consumer Finance
Consumer Leasing Act
Consumer Lending
Consumer Lending | Consumer Finance
Consumer Protection
Consumer Redress
Consumer Reporting
Consumer Reporting Agency
Consumer Review Fairness Act
Contracts
COPPA
Cordray
Corporate Compliance Program
Corporate Enforcement Policy
Corporate Governance
Correspondent Banking
Correspondent Lenders
Corruption
Costa Rica
Courts
Covid-19
CPA
CPPA
CPRA
CRA
CRE Lending
Credit Application
Credit Builder Loans
Credit Cards
Credit Furnishing
Credit Monitoring
Credit Rating Agencies
Credit Ratings
Credit Repair
Credit Repair Organizations Act
Credit Report
Credit Reporting Agency
Credit Risk
Credit Scores
Credit Sellers
Credit Services Business
Credit Union
Criminal Enforcement
CROA
Cross Border Activities
Crowdfunding
Cryptocurrency
CSBS
Cuba
CUNA
Customer Due Diligence
CVC
CVF
Cyber Insurance
Cyber Threat Intelligence Integration Center
D.C. Circuit
DACA
Damages
Dark Pools
Data
Data Breach
Data Brokers
Data Collection / Aggregation
DBO
DC Circuit
De Novo Bank
Debit Cards
Debt Buyer
Debt Buying
Debt Cancellation
Debt Collection
Debt Relief
Debt Settlement
Debt Verification
Deceptive
Default
Deferred Deposit Lenders
Deferred Deposits
Deferred Interest
Deficiency Claim
Delaware
Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Homeland Security
Department of Labor
Department of State
Department of Treasury
Department of Veteran Affairs
Department of Veterans Affairs
Deposit Advance
Deposit Insurance
Deposit Products
Deposits
Derivatives
DFPI
Digital Commerce
Digital Insights and Trends
Directors & Officers
Disaster Relief
Discharge
Disclosures
Discount Window
Discovery
Discrimination
Disgorgement
Disparate Impact
Distributed Ledger
District of Columbia
Diversity
Diversity and Inclusion Subcommittee
Do Not Call Registry
Dodd-Frank
DOJ
DOL Fiduciary Rule
Douglas Gansler
Downpayment Assistance
DPA
Due Process
E-Discovery
E-SIGN Act
E-Signature
Earned Wage Access
ECIP
ECOA
eCommerce
Economic Aid Act
EDGAR
EFTA
EGRPRA
EGRRCPA
EIDL
Eighth Circuit
Elder Financial Exploitation
Electronic Check
Electronic Fund Transfer
Electronic Mortgages
Electronic Payments
Electronic Records
Electronic Signatures
Electronic Transfers
Eleventh Circuit
Elizabeth McGinn
Elizabeth Warren
Eminent Domain
En Banc
Enforcement
English v. Trump
Escrow
ESIGN
Eskom
EU
EU-US Privacy Shield
European Union
Evictions
Examination
Exchange-Traded Funds
Executive Order
Export Controls
FACTA
FAFT
Fair Credit Billing Act
Fair Credit Reporting Act
Fair Housing
Fair Housing Act
Fair Labor Standards Act
Fair Lending
Fair Servicing
False Claims Act / FIRREA
Fannie Mae
Farm Credit Administration
FASB
FATF
FBAR
FBI
FCC
FCPA
FCPA Enforcement Action
FCPA Pilot Program
FCRA
FDCPA
FDI Act
FDIA
FDIC
Federal Advisory Committee Act
Federal Arbitration Act
Federal Deposit Insurance Act
Federal Issues
Federal Legislation
Federal Register
Federal Reserve
Federal Reserve Bank of Boston
Federal Reserve Bank of New York
Federal Reserve Banks
Federal Reserve Board
Federal Reserve System
Fees
FEMA
FFIEC
FHA
FHFA
FHLB
FICO
Fiduciary Duty
Fiduciary Rule
FIFA
Fifth Circuit
Finance Charge
Financial Advisers
Financial CHOICE Act
Financial Conduct Authority
Financial Crimes
Financial Institutions
Financial Literacy
Financial Services
Financial Services Authority
Financial Stability
Financial Stability Board
Financial Technology
FinCEN
Finder's Fee
FINRA
Fintech
Fintech Charter
FIRREA
First Amendment
First Circuit
Flexibility Act
Flood Disaster Protection Act
Flood Insurance
Florida
FOIA
FOMC
For-Profit College
Forbearance
Force-placed Insurance
Foreclosure
Foreign Banks
Foreign Exchange Trading
Foreign Terrorist Organization
Fourth Circuit
France
Fraud
FRB
Freddie Mac
Fredrick Levin
FSA
FSB
FSOC
FTC
FTC Act
FTCA
Fund Transfers
FVRA
G-7
G-Fees
G20
GAAP
Gambling
GAO
GAP Waivers
GDPR
Georgia
GFE
Gift Cards
Ginnie Mae
Governance
Governors
Gramm-Leach-Bliley
GSE
GSE Patch
GSEs
GSIBs
GTO
Guaranty Agency
HAMP
HAMP / HARP
Hawaii
Hazard Insurance
Health Care
Hearing
HECM
Hedge Fund
HELOC
Hemp Businesses
HERA
High Frequency Trading
Higher Education Act
HMDA
HOA
HOEPA
HOLA
Holder Rule
Home Affordable Refinance Program
Home Equity Loans
Home Inspection
Home Owners' Loan Act
Hong Kong
House Appropriations Committee
House Committee on Education
House Energy and Commerce Committee
House Financial Services Committee
House Judiciary Committee
House Oversight Committee
House Small Business Committee
Housing Finance Reform
HPML
HQLA
HUD
IBOR
ICBA
Idaho
Identity Theft
IIF
ILC
Illinois
ILSA
IMF
Incentive Compensation
Income-Driven Repayment
Indemnification
Indemnity Claims
Indiana
Indictment
Indonesia
Information Commissioner's Office
Information Furnisher
Initial Coin Offerings
Injunction
Installment Loans
Institution-Affiliated Party
Insurance
Insurance Licensing
Interest
Interest Rate
International
Internet Commerce
Internet Lending
Internet of Things
Investigations
Investment Adviser
Iowa
Iran
Iraq
IRRRL
IRS
ISIS
ITAR
Jeffrey Hydrick
Jeffrey Naimon
John Doe v CFPB
John Kromer
John Redding
Jon Langlois
Jurisdiction
Kansas
Kentucky
Kickback
Know Before You Owe
Kokesh
Korea
KYC
Language Access
LCR
Lead Aggregation
Lead Generation
Least Sophisticated Consumer
Lebanon
Lender Certification
Lender Placed Insurance
Lending
LFI
LIBOR
Licensing
Lien Stripping
Limited English Proficiency
Liquidity
Liquidity Standards
LISCC
Litigation
Litigation Funding
Liu v. SEC
Living Wills
Loan Broker
Loan Modification
Loan Origination
Loss Mitigation
Louisiana
LTV Ratio
Machine Learning
Macroprudential
Madden
Main Street Lending Program
Maine
Manley Williams
Manufactured Housing
MAP Rule
Marketing
Marketing Services Agreements
Marketplace Lending
MARS Rule
Martin Act
Maryland
Massachusetts
Maxine Waters
MBS
MDL
Mediation
Medical Marijuana
Merchant Cash Advance
Merchant Services
Merger
Mexico
MHA
Michelle Rogers
Michigan
Military Lending
Military Lending Act
Ministry of Justice
Minnesota
Minority Depository Institution
Miscellany
Mississippi
Missouri
MLETR
MLO
MMLF
Mobile Banking
Mobile Commerce
Mobile Payment Systems
Mobile Payments
Mobile Top-Ups
Money Service / Money Transmitters
Monitoring
Montana
Moorari Shah
Mortgage Advertising
Mortgage Broker
Mortgage Fraud
Mortgage Insurance
Mortgage Insurance Premiums
Mortgage Lenders
Mortgage Licensing
Mortgage Modification
Mortgage Origination
Mortgage Servicing
Mortgage-Backed Securities
Mortgagee Letters
Mortgages
Mortgages Servicing
MOUs
Multi-State Mortgage Committee
Mutual Fund
N.D. Cal.
NACHA
NAFCU
Nasdaq
National Bank
National Bank Act
National Flood Insurance Act
National Flood Insurance Program
National Mortgage Servicing Settlement
National Mortgage Settlement
NCLC
NCUA
Nebraska
Negative Option
Net Neutrality
Nevada
New Hampshire
New Jersey
New Mexico
New York
Nicaragua
Nigeria
Ninth Circuit
NIST
NMLS
No Action Letter
Non-bank
Non-Depository Institution
Nonbank
Nonbank Lending
Nonbank Supervision
North Carolina
North Dakota
North Korea
Notary
Notice
NYDFS
Obama
OCC
OCC EGRPRA
Of Interest to Non-US Persons
OFAC
OFAC Designations
OFR
Ohio
OIG
OIRA
Oklahoma
OMB
Online Banking
Online Lending
Open-End Credit
Operation Choke Point
Operational Resilience
Opt-In
Opt-Out
Orderly Liquidation Authority
Oregon
OREO
OTS
Overdraft
PA Department of Banking and Securities
PACE Programs
Pakistan
Patriot Act
Payday Lending
Payday Rule
Payment Processors
Payment Systems
Payments
PCAOB
Peer-to-Peer
Pennsylvania
Pension Advance
Pension Benefits
Petrobras
Petroleos de Venezuela
Phantom Debt
PHH v. CFPB
Pilot Program
PPPLF
Predatory Lending
Preemption
Preliminary Injunction
Prepaid Cards
Prepaid Rule
Prepayment
Prescreened Offers
President-Elect
Privacy Notices
Privacy Rule
Privacy/Cyber Risk & Data Security
Private Right of Action
Pro Bono
Project Catalyst
Property Tax
Prudential Regulators
PSLF
PTFA
Public Records
Punitive Damages
Qualified Mortgage
Qualified Residential Mortgage
Qui Tam Action
Racketeering
Ransomware
Rate Lock
Ray Baum's Act
Real Estate
Redemption
Redlining
Referrals
Refinance
Regtech
Regulation
Regulation A
Regulation B
Regulation C
Regulation CC
Regulation D
Regulation DD
Regulation E
Regulation F
Regulation H
Regulation J
Regulation M
Regulation O
Regulation P
Regulation V
Regulation X
Regulation YY
Regulation Z
Regulator Enforcement
Regulatory Sandbox
Rejected Transactions
Relator
Remittance
Remittance Rule
Remittance Transfer Rule
Rent-to-Own
REO
Repossession
Repurchase
Rescission
Research
RESPA
Responsible Banking
Responsible Business Conduct
Restitution
Retail Banking
Reverse Mortgages
Rewards Programs
RFI
Rhode Island
RICO
Ripeness
Risk Governance
Risk Management
RMBS
Robo-signing
Robocalls
Rooker-Feldman
ROSCA
Rulemaking Agenda
Russia
S. 2155
SAFE Act
Safe Harbor
Safeguards Rule
Sales Incentive Compensation
Sanctions
SAP
Sarbanes-Oxley
SARs
Sasha Leonhardt
Saudi Arabia
SBA
SBREFA
SCRA
SDN List
SDNY
Seasoned QM
SEC
Second Circuit
Section 1033
Section 1071
Section 19
Section 8
Securities
Securities Exchange Act
Securitization
Securitization Safe Harbor Rule
Security Freeze
Seila Law
Selling Guide
Semiannual Risk Report
Senate Banking Committee
Senate Finance Committee
Senate Judiciary Subcommittee
Seniors
Separation of Powers
Service Contracts
Service Fees
Servicemembers
Servicer
Servicing
Servicing Guide
Servicing Transfers
Sessions
Settlement
Seventh Circuit
SFO
Shareholders
Short Sale
Shutdown Relief
SIFA
SIFIs
SIGTARP
Single-Director Structure
Sixth Circuit
SLHC
Small Business
Small Business Financing
Small Business Lending
Small Business Regulatory Enforcement Fairness Act
Small Dollar Lending
Small Entity Compliance Guide
Social Media
SOFR
Song-Beverly Credit Card Act
Sons and Daughters
South Africa
South Carolina
South Dakota
Sovereign Immunity
SOX
Special Alerts
Spokeo
Spoofing
Sports Betting
SRR
Stablecoins
Standing
State Attorney General
State Issues
State Legislation
State Regulation
State Regulators
Statute of Limitations
Stress Test
Structured Settlement
Student Lending
Student Loan Servicer
Subject Matter Jurisdiction
Subprime
Sudan
Supervision
Surcharge
Swap Margin Rule
Swaps
Switzerland
Symposium
Syria
Systemic Risk
TAILOR Act
TARP
Taskforce
TCPA
Techsprint
Telemarketing
Telemarketing and Consumer Fraud and Abuse Prevention Act
Telemarketing Sales Rule
Tenant Rights
Tennessee
Tenth Circuit
Terms of Use
Texas
Third Circuit
Third-Party
TILA
Time-Barred Debt
TISA
Title Insurance
Title Loans
Tort Claims
TRACED Act
Transactions
Transnet
Travel Act
Tribal Immunity
Tribal Lending
TRID
TRO
Troubled Debt Restructuring
True Lender
Trump
Trust Fund
Truth in Caller ID Act
Truth in Savings Act
TSR
Ty Yankov
U.K.
U.S. Court of Federal Claims
U.S. House
U.S. Senate
U.S. Solicitor General
U.S. Supreme Court
UCCC
UDAAP
UDAP
UETA
UK
UK Bribery Act
UK FCA
UK FSA
UK OFT
UK PRA
UK Prevention of Corruption Act
UK Regulatory Reform
UK Serious Fraud Office
Ukraine
UNCITRAL
Unclaimed Property
Underserved
Underwriting
Unfair
Uniform Money Services Act
Uniform Mortgage-Backed Security
Unsecured Loans
Unsophisticated Debtor
URLA
USDA
USERRA
UST
Usury
Utah
Valerie Hletko
Valid When Made
Validation Notice
Vehicle Title
Vendor Management
Vendors
Venezuela
Vermont
Veto
Vicarious Liability
Virginia
Virginia Consumer Protection Act
Virtual Currency
Vision 2020
VoIP
Volcker Rule
Walter Zalenski
Warren Traiger
Washington
West Virginia
Whistleblower
White Collar
White House
Wholesale Lending
Wire Act
Wisconsin
Work-Product Privilege
Writ of Certiorari
Writ of Mandamus
WSLA
Wyoming
Yemen
Yield Spread Premium

Filter

California again modifies CCPA regs; appoints privacy agency’s board

California voters approve expanded privacy rights

Upcoming Events