Popular Topics
All Topics
- .Com Disclosure Guide
- 140conf
- 140conf Long Island
- 140confLI
- 47 USC 230
- AAA
- ACI 2017
- Ads
- Advance Registration
- Advertising
- Advertising Agencies
- Advertising Agency
- Advertising Disclosure
- Advertising Industry
- Advertising Injury
- Advertising Law
- Advertising Practice
- advertising self-regulation
- Advertising Self-Regulatory Council
- Advertising Software
- Advertising, Marketing & Promotions News
- Advertorials
- Advisory
- Affiliate Marketing
- Affiliate Program
- AG
- All Natural
- Amazon
- Amazon Silk
- Amazon Tax
- Amazon.com
- Amendments
- American Advertising Federation
- American Bar Association
- Americans with Disabilities Act
- Android
- Annual Audit
- Annual Fee
- anti-fraud
- App Developers
- Apple
- Apps
- Arbitration
- Arbitration Clause
- Arbitration Rules
- Ashley Madison
- ASRC
- AT&T Mobility LLC v. Concepcion
- ATDS
- Attorney
- Attorney General
- Audio Beacons
- Augme
- Auto-dial
- Automatic Renewal
- Automobiles
- BBB AdTruth
- Bead Art Playsets
- Behavioral Advertising
- Best Lawyers
- Blackberry
- Bloggers and Influencers
- Bloomberg BNA
- Brain Training
- Branding
- Brands
- Breach
- Burden of Proof
- Business Law
- Business, Marketing & Promotions News
- Buyers
- California
- California Auto-Renewal Task Force
- California Consumer Privacy Act
- California Department of Alcoholic Beverage Control
- California’s Automatic Renewal Law
- California’s Unfair Competition Law
- Campaigns
- CAN-Spam
- Cancer Fund of America
- cannabis
- Caribbean & Latin American Corporate Counsel Summit 2017
- CARU's Guidelines
- CAS
- Cash prizes
- CASL
- CBBB
- CBD
- Celebrity Images
- Cell Phone Applications
- Cell phones
- CFPB
- CGMP
- Chambers 2017 USA Guide
- Chantal Tode
- Charge Pop-ups
- Charity Fundraising
- Charity Regulators
- Children's Advertising
- Children's Advertising Review Unit (CARU)
- children's marketing
- Children's Privacy
- Civil Penalties
- Class Action
- Class Action Lawsuit
- Class Certification
- Clean Diesel
- Cognitive Claims
- Colorado
- Commerce Department
- Commercial Advertising
- Commercial Electronic Mail Act (CEMA)
- Communications Decency Act
- compliance
- conference
- Consumer Complaints
- Consumer Complaints List
- Consumer Contracts
- Consumer Data
- Consumer Fraud
- consumer health guidelines
- Consumer Privacy
- Consumer Privacy Bill of Rights
- Consumer Protection
- consumer protection laws
- Consumer Sentinel Network
- Contract
- COPPA
- COPPA FTC Olshan Advertising Marketing Promotions Privacy
- Copyright Act
- Copyright Alert System
- Copyright Infringement
- Copyright Infringement Abroad
- Copyright, Trademark and Other Intellectual Property
- Corporate Law
- Council of Better Business Bureau
- Counterclaims
- Court Decisions
- COVID-19
- Cramming
- Credit Card Payment Surcharges
- Crowdfunding
- Cryptocurrency
- cybersecurity
- D.C. Circuit Court
- Daily Fantasy Sports Contests
- data breach
- Data Broker
- Data Collection Practices
- Data Protection
- Data Security
- Data Transfers
- Debt collectors
- Deceptive Advertising
- Deceptive Pricing
- Deceptive Tracking
- Department of Commerce
- Department of Labor
- Department of Labor (DOL)
- dietary supplements
- Digital
- Digital Advertising
- Digital Media
- Direct listings
- Direct Marketers
- Direct marketing programs
- Direct response marketing
- DirectTV
- Disclosure
- Disclosure Obligations
- Disclosure Rules
- Discounts
- DMA
- DMCA
- Do Not Call
- Do Not Track
- DOJ
- Domain Extensions
- Domino's Pizza
- Dot Com Disclosures
- DPPA
- DraftKings
- Drawing By Chance
- Elder Abuse Prevention and Prosecution Act
- Emissions Testing
- endorsement
- Enforcement Action
- Enhanced Ads
- Entry Fee
- EPA
- Epic
- Ethics
- EU Commission
- EU-US Privacy Shield
- European Commission
- European Court of Justice (ECJ)
- European Union
- European Union registration holders
- European Union Trademark
- Exchange listing
- Ezor
- Factory outlets
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collections Practices Act
- Fair Information Practice Principles
- Fair Labor Standards Act
- False Advertising
- FanDuel
- Fantasy Contests Act
- Fantasy Sports
- Fantasy Sports Operators
- Farm Bill
- fashion law
- Fax broadcsters
- Faxes
- FCC
- FCC Developments
- FCC Solicited Fax Rule
- FDA
- FDCA
- Federal Laws & Regulations
- Federal Overtime Regulations
- Federal Trade Commission
- Final Rule
- FIPP
- First Amendment
- Fit Products
- Fit Tea
- Florida
- Force Majeure
- Fraud
- FTC
- FTC Act
- FTC Chair
- FTC Guidance
- FTC restitution
- FTC’s Jewelry Guides
- Gambling
- Gambling Laws
- Game Promotions
- GDPR
- General Data Protection Regulation
- Geo-targeted Advertising
- Georgia
- Guide
- HARO
- Health-related Mobile Apps
- Health-related Products
- Healthy
- HIPAA
- History Sniffing
- HitPath
- Homestead Laws
- HTC
- Hurricane
- IAB
- ICANN
- illegal content
- Illegal Gambling
- Illinois
- IMDb
- Influencer Marketing
- Injury in Fact
- Insider Trading
- Inspection Resources
- Insurance Company
- Insurance Coverage
- INTA
- Intellectual Property
- Internet and Privacy Law
- iOS
- Iowa
- IP Awareness Assessment Tool
- IPOs
- Jeff Pulver
- Jewelry
- JOLT
- Jurisdiction
- Kindle Fire
- Lanham Act
- Law
- Law Enforcement
- Law Review Article
- law school
- Laws
- Leading Lawyers
- Lee Bogner
- Legal 500 United States 2017
- Legislation
- letter of consent
- Licensing Fees
- Lily Robotics
- List managers
- Litigation
- Lumosity
- Lumosity ads
- Lumosity games
- Lustigman Firm
- Luxury Daily
- made in the usa
- Magazine publishers
- Mail Order Sales Rule
- Manufacture
- Manufacturer’s Suggested Retail Price (“MSRP”)
- Marden-Kane
- Marketing
- Marketing & Promotions News
- Marketing and Advertising Law
- Marketshare
- Mass texts
- Material Disclosures
- Mc Donalds
- Media and Entertainment
- Media Companies
- Microsoft
- MLM
- Mobile Financial Services
- Mobile In-app Charges
- Mobile Marketer
- Mobile Marketing
- Mobile Payment Systems
- Mobile Payment Systems Security Programs
- Mortgage Bankers Association
- Mortgage Investors
- NAD
- NARB
- Native Advertising
- Native Advertising Guidelines
- Nautilus, Inc.
- Network Advertising Initiative
- New Jersey
- New Jersey Supreme Court
- New York
- New York Law Journal
- New York SHIELD Act
- New York’s Automatic Renewal Law
- Nomi
- Non-commerical Calls
- Non-profit Organization
- Notice
- Nutrient Content
- NY Attorney General
- objective consumer harm
- Off-label Prescriptions
- Office for Civil Rights (OCR)
- Office of Foreign Assets Control (OFAC)
- Office of National Coordinator for Health Information Technology (ONC)
- Ohio
- Oklahoma
- Olshan
- Olshan Grundman
- Olshan News
- Online Advertising
- Online Apps
- Online Cancellation
- Online Contracts
- Online Discount Pricing
- Online Entertainment Co
- Online Retail
- Online Reviews
- Online Tracking
- Online travel agencies
- Overstock
- Paid Promotions
- pandemic
- Patents
- Payment Methods
- Penny Auction
- Performance Marketing
- Personally Identifiable Information
- Pet Care
- Peter Shankman
- Pharmaceutical Advertising
- Pharmaceutical Manufacturers
- pre-orders
- Pre-recorded Message
- Price Match Guarantee
- Pricing Guides
- Pricing Practices
- Privacy
- Privacy Act
- Privacy Policy
- Privacy Practices
- Privacy Shield
- Pro-Consumer
- Products
- Professional Association for Customer Engagement (PACE)
- Promotion
- Proposed Rulemaking
- Public Database
- Publication of Age
- Publisher Magazine
- Q&A
- RCT Requirements
- Real Estate
- Real-estate-advertising
- Reasonableness
- Registration
- Regulations
- Resale Value
- Resignation
- Restrictions
- retail
- Retail Stores
- Revisions
- Risk
- Robocalls
- Roundtable
- Safe Harbor
- Sales
- Sales Practices
- Sales Tax
- Sandy
- SDNY
- SEC
- SEC disclosure
- SEC disgorgement
- SEC Form 10
- Section 17600 of the Business and Professions Code
- Securities Act of 1933
- Securities Act Section 17(b)
- Securities Exchange Act of 1934
- self-regulatory
- Sellers
- Service-Mark Infringement
- Settlement
- Sex Offenders
- SilverPush Apps
- Skill Contest
- Skin Care Products
- Smartphone
- Social Media
- Social Media Accounts
- Social Media Marketing
- Social Media Posts
- Social Networking
- South Dakota
- Southern District of Florida
- Spam
- Special Olympics
- Spotify
- Staff Reshuffling
- State Law
- Statute of Limitations
- Subscribers' privacy rights
- Subscription Arrangements
- substantiation rules
- Super Lawyers
- Supreme Court
- Sweeping
- Sweepstakes Law
- Sweeptstakes Contest
- symposium
- Tasty
- TCCWNA
- TCPA
- TCPA Appeals
- TCPA Claim
- TCPA Class Actions
- TCPA Lawsuit
- TCPA Liability
- TCPA Regulation
- TCPA Ruling
- Tech Companies
- Tech Day New York 2017
- Telecom Law
- Telemarketers
- Telemarketing
- Telemarketing Calls
- Telemarketing Law
- Telemarketing Sales Rule (TSR)
- Telephone Consumer Act
- Terms & Conditions
- Text Message Ads
- Text Messages
- Text Messengers
- Textile Fiber Products Identification Act
- The 2017 ANA/BAA 39th Marketing Law Conference: Breakthrough: Legal Strategies for Dynamic Businesses
- The Americans with Disabilities Act
- The Electronic Retailing Self-Regulation Program
- The Kardashians
- The Pennsylvania Record
- Third Circuit Court
- Throttling
- Top Ten Complaints
- Trademark Clearinghouse
- Trademark Protection
- Trademark Rights
- Trademarks
- Transactions
- Transnational Criminal Organization (TCO
- Truth-in-Consumer Contract, Warranty & Notice Act
- U.S. Patent and Trademark Office
- Unauthorized Data
- United Kingdom
- Unsolicited Advertisement
- Unsubscribe Act of 2019
- US Supreme Court
- Use Tax
- Velti
- Vermont
- Vermont House Bill 593
- Vicarious Liability
- Violations
- virtual reality
- Wal-Mart v. Dukes
- Warning Letter
- Washington D.C.
- Washington Law
- Washington’s Consumer Protection Act
- WBO
- Web Agreements
- Web Browsers
- webinar
- webOS
- Websites
- Western District of Washington
- White House
- World Boxing Organization
- World Trademark Review
Recent Posts
- Engaging Experts Podcast Interviews Andrew Lustigman on False Advertising Disputes
- Customer Reviews Matter
- NAD Reviews Portable UV-C Light Product Advertised on TV (Case #6426, 12/10/20)
- FTC Chairman Joseph Simons Announces Resignation; Commissioner Rebecca Kelly Slaughter Designated Acting Chair; Staff Reshuffling
- Olshan Presents Consumer Protection Update Webinar Hosted by ABA
- NYSBA Inside Publishes Article by Lustigman and Spina on NY’s New Automatic Renewal Law
- First Circuit Ruling Limits Wire Act’s Control Over Lottery, Online Gaming
- Law360 Publishes Article by Scott Shaffer on the Uncertain Future of the TCPA
- Andrew Lustigman Quoted in Law360 on the FTC’s Ability to Seek Monetary Restitution
- Olshan Branding Management and Protection Attorneys Present Webinar on Marketing in the COVID-19 Era to the Bronx Third Avenue BID
Archives
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
Contact Us
212.451.2258
The California Consumer Privacy Act (CCPA) Revised Draft Regulations Provide Additional Guidance and Raise Questions for Businesses
As many businesses may be aware by now, California recently enacted sweeping new laws governing the collection, use and management of personal information. The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 has many businesses struggling to understand the application of the law and exactly what a business needs to do to comply. In an effort to clarify some aspects of the law, California issued draft regulations in October 2019 that provided some guidance to businesses, and those draft regulations continue to be revised as late as March 11, 2020. While still not finalized, the revised CCPA draft regulations offer some clarification, and open up more questions, on certain issues.
Some of the changes/clarifications in the revised CCPA draft regulations include:
- Clarification that the collection of IP addresses without linking the IP addresses to any particular consumers is not, in and of itself, the collection of “personal information”
- Specific reference to the method by which a privacy notice needs to be accessible to consumers with disabilities
- A provision relating to the collection of personal information from a mobile device and a requirement that the collection of certain personal information will require a “just-in-time” notice prior to the collection of such information
- A requirement that data brokers who do not collect information directly from consumers provide a link to the California Attorney General through which consumers can visit the data broker’s website and submit an opt-out request
- Clarification that a business that does not collect personal information directly from a consumer does not need to provide notice at time of collection if the business does not sell the consumer’s information
- More disclosure requirements for businesses that sell personal information of minors under 16 years of age
- Examples of customer loyalty programs and how a business can still run such a program and be in compliance with the CCPA, which prohibits discrimination against a consumer who exercises his/her rights under the CCPA
- Additional specific guidance regarding required provisions for service provider agreements
Many of the changes to the revised draft regulations include suggested methods by which businesses must verify consumers who submit consumer requests to know or to delete under the CCPA. Before a business provides a consumer with a copy of that consumer’s personal information, the CCPA requires the business to verify that the consumer is actually who he/she claims to be. For a business that operates a website with password-protected accounts, the verification of consumers may be relatively simple as a business can use the same verification methods a business currently employs for verification (i.e., entry of a password, sending a code to a mobile device, having a verification question for a consumer to answer).
When a consumer does not have a password-protected account with a business, however, verification can be much trickier, and the current draft regulations describe several methods through which a business can verify a consumer making a consumer request. Depending on the nature of the information a consumer is seeking, or the nature of the information a consumer is asking to delete, verification of the consumer can be cumbersome and time consuming, requiring such things as confirming three data points of verification and providing a notarized statement under penalty of perjury.
Takeaway: The revised draft regulations, and the CCPA in general, makes clear that businesses must take the privacy of individuals seriously, and it may take some effort to make sure a business is in compliance with the law. A business must continue to evaluate its data collection and sharing practices in light of evolving compliance obligations.