Preparing CCPA Privacy Policies Before the July 1 Enforcement Date

ccpa privacy policy
Print Friendly, PDF & Email

Despite the myriad issues that businesses now face with the Covid-19 pandemic, the California State Attorney General remains committed to the California Consumer Privacy Act (“CCPA”) enforcement date of July 1, 2020. As such, businesses that have not already done so should add CCPA compliance to their immediate to-do lists. One area of compliance that requires attention is online privacy policies that include CCPA-mandated provisions (“CCPA Privacy Policies”). Since the proposed CCPA regulations were first released to the public on October 11, 2019, the California State Attorney General’s Office has released two (2) modifications thereto. Those modifications have, in turn, necessitated changes to companies’ CCPA Privacy Policies. Businesses must, among other things, update their online privacy policies to ensure that they include CCPA-required disclosures and the associated menu of consumer options. 

What is required of CCPA Privacy Policies?

Key CCPA Privacy Policy Requirements

The CCPA regulations instruct that “the purpose of the privacy policy is to provide consumers with a comprehensive description of a business’s online and offline practices regarding the collection, use, disclosure, and sale of personal information and of the rights of consumers regarding their personal information.” In order to achieve this level of transparency, below is a partial list of the now required disclosures that businesses must include in their respective CCPA Privacy Policies:

  • The categories of personal information that businesses have collected about consumers in the preceding twelve (12) months;
  • The categories of sources from which the personal information is collected. Examples of sources may include advertising networks, Internet Service Providers, data analytic providers, government entities, social networks and data brokers;
  • The commercial or business purpose for which the personal information was collected or sold;
  • The categories of personal information that businesses have disclosed for business purposes, or sold to third parties, in the preceding twelve (12) months. For each category of personal information, businesses must provide the categories of third parties that the information was disclosed or sold to;
  • Notification that consumers have the right to request that their personal information be deleted, and instructions on how to submit a verifiable consumer request to delete such information; 
  • An explanation that consumers have the right to opt-out of the sale of their personal information, and include (on their websites, at their physical location points of sale, and/or in their apps) contents of the notice of the right to opt-out or a link to the notice; and
  • Instructions on how authorized agents can exercise rights on behalf of consumers.

All of these disclosures must be presented in plain, straightforward language that is easy to read and understandable to consumers. Additionally, CCPA Privacy Policies must be reasonably accessible to consumers with disabilities as outlined in version 2.1 of the Web Content Accessibility Guidelines (“WCAG”).

CCPA Compliance

Updating online privacy policies is only one step among many that must be taken towards achieving CCPA compliance. Businesses should consult with experienced data privacy attorneys in this process in order to avoid a California Attorney General’s Office investigation.

If you are interested in learning more about this topic or require assistance with drafting a CCPA Privacy Policy, please email us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Related Blog Posts:

CCPA Record Keeping Requirements

CCPA Forms: The Right to Opt-Out, Request to Know and Request to Delete

CCPA Law: The Private Right of Action

David O. Klein

David O. Klein

David Klein is one of the most recognized attorneys in the telemarketing, technology, Internet marketing, sweepstakes and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Schedule a Call
In The Know

Trending Topics

New York Sweepstakes Law blog- Klein Moynihan Turco

New York Sweepstakes Law: Are You Compliant?

Print Friendly, PDF & Email

In general, a lottery exists when entrants pay for the chance to win a prize. States alone reserve the right to administer lotteries. Businesses can eliminate one element of what would otherwise be an illegal lottery, in order to transform it into a legal promotional game. If the requirement to

TCPA surveys

An Ad or not an Ad: NY Weighs in on TCPA Surveys

Print Friendly, PDF & Email

Another day, another court decision that refines constitutes a Telephone Consumer Protection Act (“TCPA”) unsolicited fax advertisement. A Manhattan-based federal court recently issued a decision that removes faxed invitations to participate in a survey from the TCPA definition of advertisement. In drawing this distinction for TCPA surveys, the Court held

NY sports gambling law- Klein Moynihan Turco

Agreement Reached to Enact NY Sports Gambling Law

Print Friendly, PDF & Email

This week, Governor Andrew Cuomo and the New York State Legislature agreed to a budget deal that will bring mobile sports betting to the State through a unique NY sports gambling law.  Upon the Governor’s signature, NY sports gambling is primed to become the nation’s largest market. However, New York

UK and US Social Media Influencer Laws

UK and US Social Media Influencer Laws

Print Friendly, PDF & Email

In September of 2020, the United Kingdom’s (“UK”) Committee of Advertising Practice (“CAP”) reviewed the Instagram accounts of 122 UK-based social media influencers to determine whether content was being properly flagged as advertising in accordance with applicable social media influencer laws. This past March, the UK Advertising Standards Authority (“ASA”)

Share on facebook
Share on google
Share on twitter
Share on linkedin