Consumer Rights Established by the CCPA
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 41 minutes
Hello, everyone, and welcome to lessen 3.2 consumer rights that are established by the C C. P. A.
Our learning goals and objectives.
In this lesson, we will introduce you to the specific consumer rights that are established under the law.
You can go back to less than 3.1, and you'll see that not every consumer right that exist globally exists under the c. C. P. A.
Number two. We will review the specific response time that a business must satisfy once it receives a consumer request.
There are non discrimination protections for consumers if they decide to use one of their rights that exists under the CCP A. So we will take a look at that.
And number four.
There are some permitted consequences that a business can put in place. Should a consumer exercise a consumer request, including, most notably, pay walls.
We will look at all of that in less than 3.2.
The CCP a Onley covers certain consumer rights,
the right to access your information, the right to delete your information and the right to opt out of sale of your information.
When I use the word your Let's just assume your person residing in California.
Let's take a look at the right toe access.
It's a two part right.
The first is the right to access the categories of personal information of business has about you, and number two is to also access the underlying personal information.
If I submit an access request, the business might respond back and say, Okay, we have your contact information
that tells me what category of information they have on me.
It's contact information,
but I also get the right to actually see with specificity the underlying contact information.
So name, email, address, phone number.
You might also have my work phone number, and I'll only know that because I get a chance to look at the underlying personal info as well.
Number two. Ah, big reason why the CCP a past
the right to delete personal information.
But be very careful.
There are some major exceptions that exist under the CCP. A that do not exist under the GDP are
so don't try to put both mechanisms in place simultaneously.
You will run afoul, so please keep an eye on that, and we'll review that later in the course.
Then the third consumer right is the right to opt out of the sale of your personal information.
That's not opt in.
That means the companies allowed to collect it automatically. But you do have the right to opt out of the information being sold to a third party.
That doesn't mean all general third party transfers, just the sale of the data. Again, we will review all of that in future lessons.
Let's take a quick look at the timeline of a consumer right
in module eight. We will show you specifically how to satisfy a consumer request by building out a consumer Request channel.
But for the purposes of this conversation, suppose your company receives a consumer rights request.
Your business must respond to that California consumer within 10 days to confirm that the request has been received.
That's all you need to do
within 45 days. You must actually respond to the consumer request. So if it's a request to access the information, you need to respond and provide them with the copies of their personal information.
If the consumer is asking for their info to be deleted, you need to deleted within 45 days.
Now I know that businesses can sometimes be slow. And fortunately for you, the California Legislature knows that is the case as well.
The law actually does have built into it an additional 45 day window that you can ask the consumer for, but you need to request it within the 1st 45 days.
Otherwise, it would just be basically a 90 day window.
I challenge each and every one of you that is trying to build out privacy at your company.
You should be able to do this in 45 days.
PS. The GDP are is 30 so you need to really try to invest. Resource is adequately to get these responses out the door as quickly and efficiently as possible,
and we will give you some best practices to satisfy that all in module eight.
I also need to make you aware that there is a specific nondiscrimination provisions built into the C C. P. A.
Ah, business cannot discriminate against a consumer because they exercised any of their rights. You cannot deny a good or service to the consumer.
You can't charge them a different price. You cannot provide a different level or quality of the good or service to that person or even threatened to do any of that. So you really need to be careful when you receive a consumer rights request.
They need to be honored and honored in a way that the consumer won't feel like they're going to be discriminated against in the future simply because they exercise that right
The next slide might contradict what I just said, and frankly, in many ways it does.
But this was a specific provision that the California Legislature put in because the lobbyists from big tech and elsewhere wanted to make sure that this would not completely destroy many business models.
There is an exception, and this is a business may charge a consumer a different price if the difference is reasonably related to the value that the business was receiving when they obtained that. Consumers data.
Go back a couple slides if you want, and think back to that conversation where I was saying in the good old days money was exchanged for a good or service.
Nowadays, it's also personal information.
There are businesses out there were personal information is so valuable that if a consumer where to approach the business and say, Hey,
please delete my info that completely upends the relationship between the parties.
Here are some examples
in Europe Many news media websites have pay walls around certain articles that are actually available for free in the United States.
Why? Because so many individuals exercise their consumer rights there and that damages the business model.
They can also, in the United States, block similarly to Europe consumers from accessing free content
if a consumer is frequently asking for their information to be deleted.
I was once traveling in Germany and wanted to see an article on my phone.
It wouldn't load.
I happened to have it sitting in my phone browser when the plane took off.
I landed and could look at the article for free. Once I got to the airport here in the United States,
you might have also come across online video gaming websites or video channel websites that will also block certain content.
Unless you pay a fee in exchange for the information not being deleted.
That does tend to occur, but it's generally limited to certain industries.
there are three consumer rights that exist under the C C P A
the right to access your information. And that's both the categories and the underlying pieces of data.
the right to have your information deleted,
and then number three
the right to have your information be opt out to opt out of the sale to a third party.
We also reviewed the response time for receiving a consumer request.
You need to once again confirm receipt within 10 days and get the response back within 45
and you're welcome to another 45 days. If you requested within the 1st 45 days,
then number three
the nondiscrimination obligations.
I have to caution you, though,
if you're going to enact pay walls and other protections. If individuals are exercising their consumer rights,
you are walking on a very slippery slope full of land mines. So please be careful,
and I highly recommend you seek outside advice before doing that. Of course, please feel free to reach out if you have any questions
that summarizes everything for less than 3.2
and I will see you in the next lesson,