CCPA: Ambiguities, clarities, and new obligations
CCPA: Ambiguities, clarities, and new obligations
PODCAST

CCPA: Ambiguities, clarities, and new obligations

Steve Stein, Jim Lai, and Nick Schmidt talk about the newly released California Consumer Privacy Act (CCPA) implementation guidelines.

We’ve podcasted a lot recently about the California Consumer Privacy Act (CCPA) and its implications for businesses in every U.S. state. That’s because there’s so much at stake with compliance around the regulations – particularly data service fulfillment requests, or DSRs – which go into effect on January 1, 2020, and will be enforced as of July 1, 2020.

Although there was considerable lack of clarity among many of the requirements when the Act was passed in mid-2018, The California Attorney General’s office in mid-October 2019 released long-awaited implementation regulations.

During this podcast, Steve Stein, co-lead of KPMG’s U.S. Information Governance and Privacy practice, and Jim Lai and Nick Schmidt, members of the firm’s Cyber Risk group, sat down to discuss the implications of the newly released implementation requirements on the top three components of the Act:

  • notices businesses need to provide to consumers – and areas in which there’s more clarity, more ambiguity, and new obligations
  • practices for handling consumer requests – and why the apparent 2-tiered system came as a surprise to nearly everyone
  • verification of requests – particularly around use of third-party identifiers.
Steven Stein

Steven Stein

Principal, Cyber Security, KPMG US

Jim Lai

Jim Lai

Manager, Cyber Security Services, KPMG US

Nicholas Schmidt

Nicholas Schmidt

Sr Associate Advisory, Cyber Security Services, KPMG (US)