With the California Consumer Privacy Act (CCPA) nearing implementation on January 1, lawmakers scrambled to enact last-minute corrections and moved to provide some clarity around how the law will be enforced. The CCPA has far-reaching consequences for businesses that operate in California or interact with its residents. Many apartment owners and operators are among the businesses impacted by the new requirements, which allow for greater consumer control over how and when their personal information is used. NMHC and NAA have been monitoring developments around the CCPA given the wide-ranging impact it is expected to have on the Multifamily industry.
Recently, California Governor Gavin Newsom signed several pieces of legislation that provide for last-minute fixes to the privacy law. Of the most notable are provisions that now exempt public information and employee information held by employers from the law and one that specifies that companies can provide consumers with an email address as opposed to a toll-free telephone number for consumers to make requests about their data.
California’s Attorney General, Xavier Beccera, also took action in recent days to launch a Notice of Proposed Rule Making (NPRM) on how the law will be implemented and also announced a series of public meetings in advance of the law taking effect. NMHC and NAA are currently reviewing the rule and will look to ensure that implementation does not unnecessarily burden apartment owners and operators. Comments on the rule are due by December 6, 2019.
The CCPA’s enactment comes as federal lawmakers have struggled to reach a compromise on a federal standard that would govern the handling of consumers’ personal data in the wake of a number of high-profile data security and privacy breaches. The CCPA’s enactment, coupled with similar, emerging standards in other states means owners and operators of Multifamily housing must take compliance seriously and ensure their data management programs are up-to-date.
To help member firms do so, NMHC recently issued a comprehensive white paper that includes practical considerations firms should undertake to make sure they are ready to comply with a range of common themes found in each of the notable privacy standards that exist today.