The CCPA generally does not require that a company obtain the consent (or the “opt-in”) of a person before collecting or using their personal information. Consent is, required, however, in the following situations:
While United States statutes that require privacy notices differ in terms of what they require to be included within a privacy notice, none mandate that an organization disclose the fact that information may be shared as part of a merger or acquisition.[1] That said, in 2000 the Federal Trade Commission (FTC) took the position
Potentially.
Some consumers may assume that a company owns the payment card-related information that it collects when it accepts payment cards (e.g., credit or debit cards). In order to process payment cards, however, a company typically must enter into a written contract with a payment processor or merchant-bank. Those contracts often specify that payment card-related
The regulations implementing the CCPA make clear that the notice at collection (or the privacy notice if it is being used to satisfy the notice at collection) does not have to be physically provided to a consumer; instead a business must make it “readily available” in a location where consumers are likely to encounter it.
No.
Based upon a review of the websites of the Fortune 500 conducted approximately one year after the CCPA went into effect, 21.4% of websites included a “do not sell my personal information link.” 78.6% of websites did not include a link to opt out of the sale of personal information.1 A review of
As plaintiffs’ attorneys continue to experiment with ways to utilize the California Consumer Privacy Act (CCPA) to obtain quasi-discovery, questions exist whether they may attempt to leverage the obligations imposed by the CCPA on law firms. While the CCPA states that the “obligations imposed on businesses by Sections 1798.110 to 1798.135 [of the CCPA], inclusive,
Maybe.
“Tokenization” refers to the process by which you replace one value (e.g., a credit card number) with another value that would have “reduced usefulness” for an unauthorized party (e.g., a random value used to replace the credit card number).[1] In some instances, tokens are created through the use of algorithms, such as hashing
The CCPA requires that a business include 15 specific disclosures in its privacy policy. These include, for example, disclosures relating to the enumerated categories of personal information that the business collects, the categories of personal information that are shared with service providers or other third parties, and consumers’ ability to request access to and deletion
No.
A privacy policy typically discloses the following information to the public:
It depends.
If a written contract between a law firm and its client (e.g., an engagement letter) prohibits the law firm from using, retaining, and disclosing personal information except to the extent permitted by the client, the law firm may be a “service provider” under the CCPA. The CPRA amended the CCPA’s definition of service