The California Consumer Privacy Act has four major prongs intended to protect consumer’s privacy while also allowing consumers to use services provided by companies that share and sell data. In general terms, businesses will need to tell customers what type of data they collect, what they disclose or sell, and what purpose they use the data for. Businesses may also be required to erase data and, in more limited circumstances, allow customers to “opt out” of certain usages.
The California Consumer Privacy Act governs three different types of data usages: collection of data, disclosure of data, and sale of data. It is important for businesses, including auto dealers, to know not only what type of data they are collecting, but what use they intend to put it to, as their duties under the law depend on the data usage.
The California Consumer Privacy Act applies to “personal information” of a consumer, broadly defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Data covered includes, but is not limited to, traditional identifiers like name, postal address, email address, driver’s license numbers, and social security numbers. It also personal characteristics such as age, race, or national origin; commercial information such as records of purchases of goods or services; biometric data; Internet or other electronic network activity; geolocation data; professional or employment-related data; and education information. However, “publicly available information,” defined as information lawfully made available from federal, state or local government records.
Big tech companies are the clear target of the California Consumer Privacy Act, but its reach is much wider than just Silicon Valley. The threshold question, therefore, for each business looking at CCPA compliance, including auto dealerships, is whether the law applies to them. Not all businesses are covered by the CCPA; understanding whether your is will be key.
On October 10, 2019, California Attorney General Xavier Becerra released proposed regulations to implement the California Consumer Privacy Act. These regulations focus on one aspect of the CCPA, the consumer’s new rights under the law, and give businesses guidance on how to effectuate these rights and comply with the law. This now triggers the process of public comment and finalization of the rule, which will extend into 2020.
Scali Rasmussen Managing Partner Christian Scali has been recognized for his accomplishments as a leading attorney within the Los Angeles business community and selected as a nominee forthe Los Angeles Business Journal’s Leaders in Law Awards.
In June of 2018, on the last day to qualify ballot measures for the 2018 ballot, California adopted AB 375, the strongest privacy law in the nation. The new law is modeled somewhat on the European Union General Data Protection Regulation (GDPR), which famously purports to give customers the “right to be forgotten,” and gives consumers several new rights, aiming to bring more control and transparency to the murky trade and use of people's personal data. It also, for the first time, provides consumers with the ability to sue companies that mishandle their data without ever having to prove harm due to the misuse.
A recent California Court of Appeal decision stresses the importance of evidentiary rulings in jury trials, and it demonstrates what types of evidence may be found admissible (or inadmissible) in sexual harassment cases. In Meeks v. Autozone Inc. et al., a female employee sued her employer and one of its managers for claims of sexual harassment, failure to prevent sexual harassment, and retaliation in violation of the Fair Employment and Housing Act. The employee, a manager, alleged that she had been harassed by another manager over an extended period of time and that, when she complained, she was threatened with termination if she did not “squash” her complaint. The trial court dismissed the employee’s retaliation claim, finding that no reasonable juror could find in the employee’s favor, and the jury returned verdicts for the employer on the remaining causes of action.
The Federal Trade Commission in March of 2019 proposed new changes to its Safeguards Rule, which dictates how a financial institution must protect consumer data. In a recent statement the National Automobile Dealers Association opposed the proposed Rule change, citing a study that indicates that the rule change would impose hundreds of thousands of dollars in additional costs on dealers of all sizes. For California dealers that are facing compliance with the California Consumer Privacy Act, though, the question is whether the proposed change to the Rule would impose changes that differ significantly from CCPA requirements.
For decades the National Highway Transportation Safety Administration (NHTSA) has required a “wet signature” on an odometer disclosure for sales of vehicles 10 model-years old or less. That era came to an end this September as NHTSA released its final rule allowing states to develop new odometer disclosure forms that may use an electronic signature. The rule also expands the disclosure requirement to cover vehicles 20 model-years or less. However, for California dealers there remain state laws to prevent fully electronic vehicle sales, and therefore additional steps before California can move into the electronic future.