5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: March 21, 2023
Published: July 20, 2021
California's attorney general has reported his one-year enforcement metrics on the California Privacy Protection Act (CCPA).
On June 19, California Attorney General Rob Bonta issued a one-year enforcement update on the California Consumer Privacy Act (CCPA). While the law passed in January 2020, the attorney general’s office started enforcing it on July 1, 2020. Bonta also introduced a new online tool for consumers to contact businesses perceived to violate the law directly.
Bonta was optimistic about the CCPA’s efficacy to date in reporting the first-year metrics. He said once his office received a notification of an alleged violation, 75% of businesses made moves to come into compliance within the 30 days companies have to “cure” the situation, a right the CCPA regulations grant them. The rest have been notified and are still within the cure period, or under active investigation, the AG reported.
“Enforcement of the CCPA marks an enormous step for privacy protection in California, particularly at this time after the COVID-19 pandemic moved so much of our lives online. We’re happy to announce that we are seeing great progress with our CCPA enforcement, but there’s more work to be done,” said Bonta in a press release. “Plain and simple: Exercise your rights under the CCPA. Any Californian is empowered to opt out of the sale of their personal information online. Consumers can also join our enforcement efforts with our new Data Privacy Protection Tool that allows anyone to notice a business that appears to be out of compliance with CCPA.”
The CCPA was the first comprehensive consumer privacy law to pass in a U.S. state. It was a huge deal, because it put pressure on the federal government to push toward passing a U.S. privacy law before additional states pass bills. Since the CCPA won at the ballot box in California, Colorado and Virginia have enacted laws, and California itself passed what's frequently called CCPA 2.0, which will replace the CCPA in 2023. Companies, many of whom contribute a whole lot of cash to legislators in return for police votes that suit their needs, do not want to comply with 50 different privacy laws within one country. They'd much rather have one standard and then retrofit or build around it.
The attorney general’s new consumer privacy tool intends to allow consumers to alert businesses that don’t have a clear “Do Not Sell My Personal Information” link on their website. Under the CCPA, businesses that sell personal information must post “Do Not Sell” buttons clearly on their websites to allow consumers to opt out.
The tool is operational now, and the AG said it would likely be updated to notify businesses of other potential violations beyond the sell button. It asks consumers first to answer a series of six questions about the scenario to determine whether a violation could exist. Questions include whether the business is acting as a service provider for another company, whether it sells consumers’ personal information to third parties and whether the business’s “do not sell” button goes to information about opting out of the sale of personal information.
It also provides a draft notice form consumers can fill out and submit directly to the business.
“While consumers cannot sue businesses for more CCPA violations, sending a notice of noncompliance is useful,” the AG said in a press release, noting the attorney general can sue businesses that violate the CCPA if they don’t cure the violation within 30 days of notification of noncompliance. “That notice you send may satisfy the prerequisite.”
But not everyone is thrilled with the new reporting tool. In a Digiday story on the news, Jennifer B. Lee, a privacy attorney at Loeb and Loeb, said such a tactic “puts the consumer in the attorney general’s office and helps them in policing the function,” but it creates a bunch of questions. For example, does the 30-day window start when a consumer sends the letter? What about people using the attorney general’s draft notice form incorrectly and sending businesses what amount to “nuisance letters going out.”
It seems there’s a need for clarification from the attorney general for this to work if it’s going to work. We’ll be on the watch for that, and we’ll bring it to you when it happens.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.