As we approach the California Consumer Privacy Act’s (CCPA) effective date of January 1, 2020, brick-and-mortar businesses that increasingly engage with consumers online will have to begin their compliance efforts. However, two challenges unique to brick-and-mortar businesses might hamper these efforts: (1) providing required disclosures to consumers before or at the point of data collection; and (2) knowing your data in a multi-channel environment.

The CCPA requires businesses to give consumers notice of their rights and/or data collection practices on three separate occasions: (1) in the online privacy policy [section 1798.130(a)(5)]; (2) “at or before the point of collection” [section 1798.100(b)]; and (3) in response to a verifiable consumer request. The later business obligation is straight forward. But providing privacy notices at or before the point of collection might be challenging for brick-and-mortar businesses.Continue Reading Compliance Challenges for Brick-and-Mortars Under the CCPA