Tripling of Required Data Broker Disclosures Complicates Calif. Compliance
California added to companies’ increasing worries “about being viewed as ‘selling’ personal data” earlier this month when Gov. Gavin Newsom (D) signed an update to the California Delete Act, Sheppard Mullin attorneys Lissa Thomas and Kathryn Smith blogged Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Starting Jan. 1 under the recently enacted SB-361, data brokers must disclose to the California Privacy Protection Agency (CPPA) more types of personal information in their state registrations, including email addresses, login or account information, government ID numbers and citizenship data, biometric data and mobile advertising IDs (see 2510090010).
“For covered entities, the amendment will add to compliance complexities,” wrote Thomas and Smith. “Currently, data brokers must disclose when registering if they collected five different kinds of information,” including children’s data and reproductive health information. “That list has now been almost tripled.”