May 29, 2024

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

Portrait Liana Chen
By Liana Chen

Partner

U.S. Privacy and Data Protection | Insights | May 2024 (State Law)

The California Privacy Protection Agency board recently gathered to revise draft regulations to implement parts of the state's new data broker law, the Delete Act of 2023, which was signed into law last October by California Gov. Gavin Newsom.

What is the Delete Act and How Does it Impact My Business?

Under existing law, data brokers are already required to register in California. Hundreds of companies in California have been listed as data brokers in California’s data broker registry.

Beginning January 1, 2026, the Delete Act will also require the California Privacy Protection Agency (CPPA) to “establish a centralized system to allow individuals to request the simultaneous deletion of their personal information across all data brokers, and for other purposes.”1

There will also be new audit and disclosure requirements for data brokers to ensure their practices remain compliant.

In particular, every three years, the Delete Act will require data brokers to undergo an independent audit to verify they are remaining compliant with the Act.

Further, the Delete Act requires data brokers to register annually with the CCPA and to disclose the following information:

  • Their name and primary physical, email and website addresses.
  • Metrics regarding the number of consumer and Delete Act requests.
  • Whether they collect certain information e.g., about minors or precise geolocation.
  • A link to a webpage that explains how consumers may exercise consumer rights.
  • To what extent they are regulated by other laws, e.g., the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and specific California privacy laws.
  • When applicable, certain audit information.

How Do the Recent Draft Regulations Affect the Delete Act?

The draft regulations aim to expand definitions in the Delete Act by having data brokers register with the CCPA if they sell data of consumers that they did not directly collect from a consumer, even if they have a direct relationship with a consumer. This shows increased regulator attention to data privacy rights and mandates upon businesses collecting, using, selling, and sharing consumer data, especially by “data brokers.”

Penalties for Non-Compliance

Failure to comply with the Delete Act could result in receiving significant fines. For example, data brokers who fail to register with the CCPA are subject to administrative fines including fines per day of a violation, such as a failure to register or failure to honor a deletion request.

How Can Kronenberger Rosenfeld Help Your Business?

Kronenberger Rosenfeld, LLP regularly advises clients regarding privacy compliance and defends enforcement actions relating to privacy and advertising issues by staying up to date with the latest laws. Contact our firm using our online case submission form here.

This entry was posted on Wednesday, May 29, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.



Related articles

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

U.S. Privacy and Data Protection | Insights | Apr. 2024 (Federal Law) A draft of the American Privacy Rights Act of 2024 (APRA) was introduced this month, aiming to establish...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

With the start of the new year, the Federal Trade Commission (FTC) has been active in ongoing privacy issues. Below outlines some key issues being considered by the FTC. Participation...

Read Article

Privacy & Cybersecurity

U.S. Privacy and Data Protection | Insights |

The United States continues to see an expansion of privacy and data protection laws being passed, and it remains important to be aware of each state’s updates. Recent Updates: Earlier...

Read Article

Privacy & Cybersecurity

CCPA Opt-out Buttons as Options for CCPA Compliance

The proverbial dust from the implementation of the California Consumer Protection Act (“CCPA”) has settled. And at this point, most businesses are aware that under the CCPA, California residents have...

Read Article
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online

OR

Give us a call
Join our mailing list

Stay ahead of legal matters

The internet moves fast. We'll keep you informed.