The CCPA requires businesses that sell personal information to explain that consumers have a right to opt-out of the sale[1] and provide a clear and conspicuous link on their homepage titled “Do Not Sell My Personal Information” that takes the consumer to a mechanism that permits them to exercise their opt-out right.[2] If

In order to help businesses understand and benchmark industry practice, Greenberg Traurig attorneys analyzed the publicly available privacy policies of companies within the Fortune 500.[1] As of October 2022 – nearly two years after the CCPA took effect – 71% of companies had updated their privacy policies to account for the CCPA.[2] It

One of the provisions in the ISO 29100 privacy framework is that the top management of an organization should “establish a privacy policy” that, among other things:

  • Provides an internal organizational framework for setting objectives,
  • Includes a commitment to satisfy applicable privacy safeguarding requirements,
  • Includes a commitment to continual improvement.

The privacy policy envisioned under

Yes.

In order to help businesses, understand and benchmark industry practice, Greenberg Traurig LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020, there was significant divergence between the rates at which companies in different industry sectors had updated their privacy policies to account for the CCPA. While all of

In order to help businesses understand and benchmark industry practice, Greenberg Traurig, LLP analyzed the privacy policies of companies within the Fortune 500. As of December 2020 – 12 months after the CCPA had gone into effect and six months after the CCPA became enforceable – 71.8% of the companies within the Fortune 500 had

The CCPA requires that a business include 15 specific disclosures in its privacy policy. These include, for example, disclosures relating to the enumerated categories of personal information that the business collects, the categories of personal information that are shared with service providers or other third parties, and consumers’ ability to request access to and deletion

The regulations implementing the CCPA require that “[e]very business . . . shall provide a privacy policy in accordance with the CCPA and the [regulations].”1 The regulations clarify that a business meets its obligation to “provide” a privacy policy by posting the policy online or, if it does not operate a website, “mak[ing] the

No.

A privacy policy typically discloses the following information to the public:

  • The categories of information collected from a data subject directly and from third parties about a data subject,
  • The purpose for which information is collected and used,
  • The ability (if applicable) of a data subject to opt out of their information being sold,