Two state privacy laws — one in effect since 2018 and the other taking effect in 2023 — require companies to adequately train employees who may receive consumer inquiries.
On February 24, the California Chamber of Commerce will present a 60-minute virtual seminar with the data privacy team at Perkins Coie LLP explaining “The California Privacy Rights Act: Implementing a Compliance Program in a Rapidly Evolving Data Privacy Landscape.”
The California Consumer Privacy Act (CCPA) took effect in 2018, and was further solidified in 2020 when voters passed the California Privacy Rights Act (CPRA), which will take effect on January 1, 2023.
The California Code of Regulations states that all individuals “responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with the CCPA shall be informed of all of the requirements in the CCPA and these regulations and how to direct consumers to exercise their rights under the CCPA and these regulations.
All businesses covered by the CCPA/CPRA must identify any employee who may receive an inquiry from a consumer about the business’s privacy practices and train those employees.
Covered businesses include for-profits that meet at least one of these requirements:
• Make more than $25 million annually.
• Collect personal information of 50,000 or more California residents under CCPA in effect today or 100,000 or more California residents when CPRA goes into effect on January 1, 2023.
• Derive 50% or more of their revenue from the sale/sharing of California residents’ personal information.
“The idea of collecting personal information from California residents turns out to be a very low threshold,” said Dominique Shelton Leipzig, partner at Perkins Coie and one of the presenters at the CalChamber virtual seminar. “When you think about it, you just need a website that collects personal information of just 137 California residents per day to get to the 50,000 person threshold today.”
Although the number will go up to 274 under the CPRA, Shelton Leipzig added, “that’s almost every business with a website.”
To comply with the law, training must include:
• Consumer rights under the CCPA/CPRA;
• How consumers can exercise those rights; and
• The business’s responsibility in responding to those inquiries/rights.
CCPA/CPRA provisions will be enforced by the newly created California Privacy Protection Agency. Businesses covered by the CCPA/CPRA should make sure they’re complying with the consumer rights provided by these laws and that their employees who may receive an inquiry are properly trained by the compliance deadline of January 1, 2023.
Because training responsibilities already exist under the CCPA that’s in effect right now, Shelton Leipzig recommends that companies which haven’t yet undergone that training complete CCPA/CPRA training this year.
“I would suggest to go ahead and include sort of a combo of CCPA training and training that looks ahead to what goes into effect January 1, 2023, which is the California Privacy Rights Act that just amends the existing law, so you can get it all done in one fell swoop,” she said.
Ultimately, if companies don’t meet the January 1, 2023, deadline for compliance with the CPRA, the California Privacy Protection Agency can impose penalties of up to $7,500 per violation if children are involved or up to $2,500 per violation if children are not involved.
“And then, there’s a private right of action for anybody,” Shelton Leipzig added. “Consumers can bring an action if there has been a negligent data breach.”
The CalChamber virtual seminar “will cover all of the things the training requires,” said Shelton Leipzig, as well as what attendees can do “to get a coherent, actionable program in place, even if you don’t have a big, huge legal department.”
Businesses also will learn how to set up a six-phase approach for complying with the CPRA that will work with the existing CCPA.
Registration for the CalChamber virtual compliance seminar is open to CalChamber members and nonmembers at the CalChamber Store, store.calchamber.com, for $124.99 ($99.99 for CalChamber Preferred or Executive members).
Applicable employees who attend this presentation will fulfill their training requirements.
No recording is associated with the virtual seminar, so be sure to attend the live training.