Analysis: Draft CCPA Regulations Fail to Clarify AmbiguitiesPrivacy Attorney Sadia Mirza Says Some Provisions Remain Unclear
Draft regulations to carry out the California Consumer Privacy Act do not go far enough to clarify ambiguities in the law, which goes into effect Jan. 1, 2020, says privacy attorney Sadia Mirza of the law firm Troutman Sanders.
In an interview with Information Security Media Group, she offers examples.
"Under CCPA, sale of data is defined as any disclosure of personal information in exchange of monetary or valuable consideration," she notes. "If a business is selling personal information, it has to give consumers the ability to understand the circumstances to opt out of that sale." But even with the release of the draft regulations, there's still no clarity on what "valuable consideration" means, she says.
In this interview (see audio link below photo), Mizra discusses:
- Specific requirements under CCPA impacted by the regulations;
- Why the regulations come up short in clarifying ambiguities;
- How organizations should prepare to comply;
- Why it's important to review the draft regulations and submit comments before they are finalized.
Mirza is an attorney with Troutman Sanders, where she handles the firm's cybersecurity, information governance and privacy practice group. She has extensive experience in cyber law and privacy matters.