California Attorney General Xavier Becerra issued updated proposed regulations that lay the groundwork for fully implementing and enforcing the California Consumer Privacy Act (CCPA). The update comes on the heels of over 200 public comments being submitted to the state in December as companies and industries of all types readied compliance with the CCPA, which officially took effect on January 1, 2020. NMHC and NAA both submitted comments seeking changes and clarifications to be made to the underlying regulations.
NMHC filed comments highlighting the unique complexities of compliance for the industry and noting the unintended new risks that CCPA created on the privacy and security of consumer data. NMHC argued that those challenges can be addressed through clarifications and amendments to the Proposed Regulations.
The Attorney General’s update incorporates some, but not all, of the industry’s requests ensuring that compliance with the CCPA will remain a challenge. One substantial area that the Attorney General ultimately agreed with NMHC members, and then put forward industry-submitted language, is in how requests to access or deletion of household information is handled. Apartment owners and operators rightly pointed out concerns with potential troublesome circumstances emerging from ex-roommates or ex-partners becoming privy to private information by having the “household right” to know or delete personal information on all members of that household. In agreeing with the industry, the Attorney General now says a business should not delete personal data or respond to a "Right to Know" request unless a household has a password-protected account or each member of the household signs onto the request.
NMHC and NAA are continuing to review the new proposed regulations and consulting with apartment owners, operators and suppliers in anticipation of additional comments being due February 25. NMHC’s outside legal counsel on privacy matters, Manatt Phelps, prepared the industry’s comments on CCPA and issued a more general update that identifies additional changes that were ultimately made.
Because of the complexity of businesses complying with a growing patchwork of data breach notification, security and now privacy standards across the country, NMHC and NAA are actively supporting a federal data security and privacy standard. A number of pieces of legislation have been introduced in Congress throughout 2019 and into 2020 yet definitive action remains uncertain at this time.
For more information on data privacy and security, please visit our advocacy page.