Despite a general effective date of January 1, 2020, there are 5 steps that anyone doing business in California should take now to avoid problems under the California Consumer Privacy Act of 2018 (the Act) when it becomes effective. As a follow up to his original article explaining the important provisions of the Act, my partner Bob Braun provides us an important update on recent regulatory activity concerning the Act and provides practical guidance on what needs to be done now.
To read Bob’s original article about the Act, click California Adopts the California Consumer Privacy Act of 2018.
Update: California Consumer Privacy Act of 2018 - 5 steps to take NOW to avoid trouble by Bob Braun
Recent regulatory developments
Late last week, the California legislature published proposed technical amendments to the California Consumer Privacy Act of 2018. These amendments reflect almost two months of lobbying by both consumer and industry groups. In addition, the FTC has received a number of complaints that the Act, along with other proposed state actions, would create confusion in an already-fragmented approach to privacy and security in the United States.
5 steps to take now
While the changes in the Act and attacks on the Act continue to create uncertainty, businesses need to consider immediate steps to avoid the significant penalties for non-compliance. Businesses must be in full compliance on the effective date of January 1, 2020. It will not be adequate to start compliance efforts on that date.
In particular, there are 5 steps that businesses need to take to ensure compliance by the effective date:
- Create a standardized approach for handling consumer requests for personal information.
- Develop procedures for responding to consumer requests.
- Develop data collection and processing tracking procedures to understand what data is collected, where it resides, how it is maintained, and who is responsible for it.
- Analyze the legal basis for collecting and processing personal information – businesses will need to explain their legal rationale for exemptions to the consumer’s right to have their information deleted.
- Review their public-facing website disclosures, including adding a description of consumers’ rights under the Act, listing the categories of data collected and a conspicuous link titled “Do Not Sell My Personal Information.”
The California Consumer Privacy Act of 2018 addresses many of the concerns and requirements of the EU’s General Data Protection Regulation. Companies that take prompt action to comply with the California Act and the GDPR will likely gain a substantial advantage over competitors who wait.
JMBM’s Global Hospitality Group has worked with hotel companies to establish procedures and policies to achieve GDPR compliance, and we are also assisting clients to prepare now for compliance with California’s new privacy law. For additional information, contact Bob Braun (firstname.lastname@example.org, 310.785.5331) or Mike Gold (email@example.com, 310.201.3529).
Bob Braun is a Senior Member of JMBM’s Global Hospitality Group® and is Co-Chair of the Firm’s Cybersecurity & Privacy Group. Bob has more than 20 years experience in representing hotel owners and developers in their contracts, relationships and disputes with hotel managers, licensors, franchisors and brands, and has negotiated hundreds of hotel management and franchise agreements. His practice includes experience with virtually every significant hotel brand and manager. Bob also advises clients on condo hotel securities issues and many transactional matters, including entity formation, financing, and joint ventures, and works with companies on their data technology, privacy and security matters. These include software licensing, cloud computing, e-commerce, data processing and outsourcing agreements for the hospitality industry.
In addition, Bob is a frequent lecturer as an expert in technology, privacy and data security issues, and is one of only two attorneys in the 2015 listing of SuperLawyers to be recognized for expertise in Information Technology. Bob is on the Advisory Board of the Information Systems Security Association, Los Angeles chapter, and a member of the International Association of Privacy Professionals. Contact Bob Braun at 310.785.5331 or firstname.lastname@example.org.
This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. Please contact us if you would like to discuss any issues or development that affect your hotel interests. We would like to see if our experience might help you create value or avoid unnecessary pitfalls. Who’s your hotel lawyer?
Logos, product and company names mentioned are the property of their respective owners.