The California Assembly had a busy May hearing amendments that might clarify (or further muddy) the California Consumer Privacy Act ("CCPA"). With four new bills approved by the Assembly in the final week of the month, May saw a total of 10 CCPA-related bills pass through the Assembly and on to the Senate. We covered a number of these in our last update. Here's a rundown of the 10 bills:

  • AB 25: This is one of the most highly anticipated bills, especially for companies that are not consumer-facing. AB 25 redefines "consumers" to omit employees, contractors, job applicants, and agents of the business to the extent the person's personal information is collected and used solely within the context of the person's role as a job applicant to, an employee of, a contractor of, or an agent on behalf of, the business.
  • AB 846: This bill amends the discrimination and financial incentive provisions of the CCPA; it makes clear that loyalty and reward programs are not prohibited by the Act while maintaining a prohibition on programs and practices that are unreasonable or coercive.
  • AB 1355: This bill makes non-substantive technical changes but is expected to be a potential vehicle for other more substantive amendments (stay tuned).
  • AB 873: This bill redefines "deidentified" to align with the FTC's "reasonably linkable" framework for re-identifying information.
  • AB 1564: AB 1564 revises the requirement of a toll-free telephone number for consumers to make consumer requests – it would require an email address and physical address (or just an email address in the case of businesses that operate exclusively online).
  • AB 874: This bill clarifies the exclusion of "publicly available information" from the definition of personal information, defining publicly available information as information that is lawfully made available from federal, state, or local government records. This bill also reiterates the exclusion of de-identified or aggregate customer information from personal information.
  • AB 1416: An important bill for company information security and compliance, AB 1416 creates exceptions for the sale of information for detecting security incidents, fraud, and illegal activity and for complying with government requests.
  • AB 1202: This bill defines the term "Data Broker" while listing certain requirements including registration with the Attorney General (mirroring certain requirements under Vermont's data broker law) and compliance with a consumer's delineated CCPA rights.
  • AB 981: This bill specifically creates an exemption from the CCPA for certain activities of insurance institutions, which are separately regulated under the Gramm-Leach-Bliley Act through California state law enforced by the Insurance Commissioner. (Yes, insurance institutions already have what are really federal regulatory requirement but that are statutorily mandated and regulated at the state level. It's not at all confusing.)
  • AB 1146: This bill carves out an exception for vehicle information sent by dealers to manufacturers regarding vehicle repair pursuant to warranty or recall.

As the California Senate reviews these bills, the Attorney General continues preparing its guidance and implementing regulations.

Stay tuned to our blogs as we continue to monitor developments!

www.fkks.com

This post first appeared in Frankfurt Kurnit's Focus on the Data blog (www.focusonthedata.com). It provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.