Privacy & Cybersecurity: Navigating digital privacy

Consumer privacy and data security are two of the most vital topics facing California auto dealers and other retailers today. This blog explores the changing legal landscape, what it means for retailers, and how to take a practical approach to issues when perfection may be unattainable. Look to here for updates on new laws and regulations, enforcement actions by regulators and the plaintiff’s bar, and steps you can take to decrease liability and increase customer confidence.

Watch our CCPA webinar

Held October 22, 2019

CCPA and vendors

What you need to know

Published on

Many automotive vendors rely on accessing automotive dealers’ customer data to provide services as varied as lead generation, vehicle tracking, and customer service. Under the CCPA, dealers may be held liable if any vendor misuses customer data or experiences a data breach. Each vendor that uses your customer data therefore has the potential to steeply increase your potential liability, particularly in light of the fact that you cannot directly control the vendor’s data use or data security practices.

Monica Baumann published in Automotive News

Dealerships must safeguard customer data

Published on

Automotive News turned to Scali Rasmussen attorney Monica Baumann for this article about the California Consumer Privacy Act. The most aggressive consumer-privacy law in the country, the CCPA goes into effect January 1, 2020.

Understanding the CCPA, part 5

What does the law require?

Published on

The California Consumer Privacy Act has four major prongs intended to protect consumer’s privacy while also allowing consumers to use services provided by companies that share and sell data. In general terms, businesses will need to tell customers what type of data they collect, what they disclose or sell, and what purpose they use the data for. Businesses may also be required to erase data and, in more limited circumstances, allow customers to “opt out” of certain usages.

Understanding the CCPA, part 4

What kind of data uses are restricted?

Published on

The California Consumer Privacy Act governs three different types of data usages: collection of data, disclosure of data, and sale of data. It is important for businesses, including auto dealers, to know not only what type of data they are collecting, but what use they intend to put it to, as their duties under the law depend on the data usage.

Understanding the CCPA, part 3

What kind of data is covered?

Published on

The California Consumer Privacy Act applies to “personal information” of a consumer, broadly defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Data covered includes, but is not limited to, traditional identifiers like name, postal address, email address, driver’s license numbers, and social security numbers. It also personal characteristics such as age, race, or national origin; commercial information such as records of purchases of goods or services; biometric data; Internet or other electronic network activity; geolocation data; professional or employment-related data; and education information. However, “publicly available information,” defined as information lawfully made available from federal, state or local government records.

Understanding the CCPA, part 2

What types of businesses does the law apply to?

Published on

Big tech companies are the clear target of the California Consumer Privacy Act, but its reach is much wider than just Silicon Valley. The threshold question, therefore, for each business looking at CCPA compliance, including auto dealerships, is whether the law applies to them. Not all businesses are covered by the CCPA; understanding whether your is will be key.

Published on

On October 10, 2019, California Attorney General Xavier Becerra released proposed regulations to implement the California Consumer Privacy Act. These regulations focus on one aspect of the CCPA, the consumer’s new rights under the law, and give businesses guidance on how to effectuate these rights and comply with the law. This now triggers the process of public comment and finalization of the rule, which will extend into 2020.

Understanding the CCPA, part 1

Background and politics

Published on

In June of 2018, on the last day to qualify ballot measures for the 2018 ballot, California adopted AB 375, the strongest privacy law in the nation. The new law is modeled somewhat on the European Union General Data Protection Regulation (GDPR), which famously purports to give customers the “right to be forgotten,” and gives consumers several new rights, aiming to bring more control and transparency to the murky trade and use of people's personal data. It also, for the first time, provides consumers with the ability to sue companies that mishandle their data without ever having to prove harm due to the misuse.

Published on

The type of biometric privacy lawsuit filed last month against a Hilton Hotel in Chicago is a harbinger of privacy litigation to come—but a very similar case is not likely to come soon to California, where the recently minted California Consumer Protection Act (CCPA) excludes employees like the plaintiff against Hilton.

Pages