Tricky Topics in CCPA Compliance

Published On June 10, 2019 | By Marc Zwillinger, Kandi Parsons and Michelle Anderson | Data Security, FTC & State AG, Practical Advice, Privacy
TwitterLinkedInFacebookRedditCopy LinkEmailPrint

At the time of the writing of this article, the final language of the California Consumer Privacy Act (“CCPA”) is yet to be determined. Nevertheless, given the effective date of the statute, as well as the requirement to provide California consumers with access to their personal information (“Personal Information” as defined by the CCPA) for the 12-month period preceding a consumer’s request, many companies have begun CCPA preparations in earnest. Providing definitive guidance on CCPA compliance absent the final statutory language and prior to guidance from the Attorney General’s (“AG”) office, however, is challenging. In addition to the many drafting errors spotted by privacy commentators, several sections of the CCPA are susceptible to conflicting interpretations—often as a result of statutory language that appears at odds with the statute’s stated purpose.

In this article originally published in the Media Law Resource Center Bulletin, “Legal Frontiers in Digital Media” (Spring 2019), Marc J. Zwillinger, Kandi Parsons, and Michelle Anderson address some of the more complicated parts of CCPA compliance by responding to the types of practical questions they have been asked.

About The Authors

Marc is the founder and managing member of ZwillGen PLLC and has been regularly providing advice and counsel on issues related to the increasingly complex laws governing Internet practices, including issues related to Electronic Communications Privacy Act (“ECPA”), the Wiretap and Communication Acts, privacy, CAN-SPAM, FISA, spyware, adware, Internet gambling and adult-oriented content. He also helps Internet Service Providers and other clients comply with their compliance obligations pertaining to the discovery and disclosure of customer and subscriber information.

Kandi counsels clients on privacy and data security issues, online and general advertising, and marketing practices, including COPPA compliance, student privacy, and the Internet of Things. Kandi advises companies on collecting, protecting, and using consumer data and helps them develop and implement comprehensive privacy and security programs. Drawing on her tenure at the FTC, Kandi assists clients in responding to FTC and state AG enforcement actions. Prior to joining ZwillGen, Kandi spent eight years in the FTC’s Division of Privacy and Identity Protection. While at the FTC, Kandi served on detail for six months to the United States Senate, Committee on Commerce, Science, and Transportation.

Michelle Anderson counsels clients on a range of privacy, security, and consumer protection matters. She works closely with clients to understand their goals and risk profiles to help develop strategies for compliance with domestic and international privacy and security laws and regulations.