The CA AG recently issued a press release summarizing some of its CCPA enforcement activity in 2020, which indicates that - as would be anticipated - most companies are curing violations within the 30-day cure period. However, it is very important to note that the CA AG also launched a new tool, the Consumer Privacy Tool, which allows consumers to directly notify businesses, and the AG's office, of CCPA "Do Not Sell" violations. And, while right now the tool is only designed to address "Do Not Sell" violations, the AG's office specifically states that it may be updated to address other types of violations in the future.
The tool (here) ask consumers several questions, which address the basic elements of the CCPA provisions for "Do Not Sell." If the consumer answers in a way that indicates a violation, the tool generates a notification that the user can then email to the business.
Notably:
- The press release mentions that the email may trigger the 30-day period for the business to cure violation of the law;
- Consumers provide the business email address, and they could choose any email they are familiar with or find on the website; and
- The Office of the Attorney General collects the information from the tool specifically to assist in investigating violations and enforcing the CCPA.
Accordingly, companies subject to the CCPA should take steps to ensure that any employee who monitors a publicly-accessible email address is on the lookout for this type of consumer notice, and knows who to report it to in the privacy office, as it may trigger the 30-day cure period and, potentially, further investigation by the Attorney General.
Originally published July 29, 2021
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
