Businesses Seek CCPA Clarity as California AG Issues Dire Warning
Despite the headlong rush to the Jan. 1, 2020, effective date of the California Consumer Privacy Act, businesses impacted by the requirements imposed by the new law are still looking for more precision in the proposed regulations implementing it. Entities subject to the law also are seeking a slowdown of sorts before they must comply with its requirements, legal practitioners familiar with comments submitted to the California attorney general said.
[...]
“A common theme among businesses is a concern that compliance with the CCPA, and in particular, ‘requests to know,’ can ultimately result in possible data breaches or the disclosure of personal information to persons/entities with nefarious purposes,” explained Ana Tagvoryan, a partner at the law firm Blank Rome.
[...]
Given the risk of inadvertently providing someone’s personal information to an impostor or another inappropriate person, some businesses would prefer to just provide the categories of information they collect to those who ask. Alternatively, some commenters have asked the California AG to “provide voluntary security standards for businesses, compliance with which will protect the businesses under a safe-harbor provision,” explained Neeru Jindal, an associate at Blank Rome.
"Businesses Seek CCPA Clarity as California AG Issues Dire Warning," by Lori Tripoli was published in Compliance Week on December 16, 2019.