Don’t De-Prioritize Privacy During This Pandemic

Written By KEN SCHWARTZ

Companies coping with COVID-19 are likely overwhelmed by the very real and very significant business impacts of this global pandemic, but that doesn’t mean they should de-prioritize privacy.  Advocates and regulators are busy bolstering consumer protections even as state shutdown orders continue, in some form, into the foreseeable future. 

In California, businesses were hopeful that enforcement of the California Consumer Privacy Act (“CCPA”) might be delayed due to the far-reaching effects of COVID-19.  Attorney General Xavier Becerra, however, has stated that CCPA enforcement will launch on July 1st, regardless of other hurdles businesses may be facing.  However, the AG’s office has yet to release the finalized CCPA regulations, leaving some wondering what compliance might entail.

As if that wasn’t enough of a blow to those looking for a privacy compliance reprieve, the advocacy group behind the CCPA has submitted the preliminary signatures to secure a place on the November 2020 ballot for its new privacy initiative.  Californians for Privacy Rights submitted over 900,000 signatures in support of the California Privacy Rights Act (the “CPRA”) last week.  If passed by voters, the CPRA will, among other things:

    • Create additional rights related to personal information;

    • Triple penalties related to the collection and sale of children’s information; and

    • Establish an enforcement agency to enforce these rights.

Industry: disregard this ballot initiative at your own risk.  Californians for Privacy Rights states that a recent poll indicates that 88 percent of Californians would vote in favor of a ballot initiative expanding privacy protections for their personal information.

Lest you think California is the only locale where privacy protections are expanding even in the shadow of the coronavirus, Vermont enacted a bill providing additional privacy protections in March.  Vermont, which preceded California in establishing a data broker registry, is certainly on the forefront of privacy law despite its size.  The state’s March legislation places additional notification burdens on businesses in the event of a data breach and increases protections for student data.  Among other things, S.B. 110 focuses on the use of student data collected for K-12 education.  This is prescient of Vermont, given all the homeschooling technology that’s been put to use over the last few months.  Like the CCPA, Vermont’s new privacy legislation will go into effect July 1st.

The last few months have shown that, pandemic or not, privacy compliance changes will continue to come into effect for many businesses.  Regulators and advocacy groups are making their message heard: though overcoming COVID-19 challenges may be overwhelming, privacy protections can’t be sacrificed in the process.

KEN SCHWARTZ
Previous

Seventh Circuit Holds Violation of BIPA’s Informed Consent Regime Confers Article III Standing
Next

SCOTUS Resolves Circuit Split and Holds Trademark Plaintiffs Need Not Show Willfulness to Obtain Profits