The deadline for reporting on the CCPA’s metrics is approaching

July 1, 2021 is the deadline for certain companies to meet metrics reporting requirements under the California Consumer Privacy Act of 2018 (“CCPA”). Section 999.317 (g) of the Regulations applies to any company subject to the CCPA that knows or reasonably should know that, alone or in combination for the Company’s commercial purposes, it buys, receives, sells, or shares for commercial purposes 10,000 personal information. 000 or more California residents in a calendar year.

Companies that are subject to the reporting requirement for key figures must disclose the following key figures for the previous calendar year by July 1 of each calendar year:

  • The number of requests for information that the company has received, fulfilled in whole or in part and rejected;
  • The number of deletion requests that the company received, fulfilled in whole or in part, and rejected;
  • The number of opt-out requests that the company received, fulfilled in whole or in part, and declined; and
  • The average or average number of days in which the company essentially responded to requests for information, deletion requests, and opt-out requests.

The metrics must be disclosed in the company’s privacy policy or posted on the company’s website and made available through a link in the company’s privacy policy. Businesses can compile metrics based on requests from all individuals or only from consumers (i.e., California residents). In the event that the company discloses metrics based on requests from all individuals, the California attorney general may request that the company provide the metrics to them based on requests from consumers.

Comments are closed.