Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

CCPA Update: Analyzing Articles 5 and 6 of the AG’s Proposed Regulations

By David M. Stauss
CCPA
January 14, 2020

In a prior article, we analyzed Articles 1 through 4 of the California Attorney General’s proposed California Consumer Privacy Act (“CCPA”) regulations. This article discusses Article 5 (Special Rules Regarding Minors) and Article 6 (Non-Discrimination).

Before we turn to our analysis, it is worth discussing where we stand with the CCPA and its implementing regulations. The proposed regulations were originally published in October 2019. The AG’s office subsequently held a series of public hearings on the regulations and solicited written comments. That process ended on December 6, 2019, and the AG’s office is expected to issue final regulations shortly. The CCPA went into effect on January 1, 2020, which means that businesses should, at a minimum, be updating their online privacy policies and accepting and responding to consumer requests. However, the Attorney General’s office cannot enforce the CCPA until July 1, 2020. 

With that background, we now turn to analyzing Articles 5 and 6.

Article 5. Special Rules Regarding Minors

As a starting point, § 1798.120(c) (as amended) of the CCPA provides that “a business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers at least 13 years of age and less than 16 years or age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information.” Stated differently, businesses cannot sell the personal information of California residents under 16 unless they have an opt-in to that sale. That opt-in must come from the parent (if the resident is under 13) or the consumer (if the resident is 13 and less than 16). Further, if a business willfully disregards the consumer’s age, it “shall be deemed to have had actual knowledge of the consumer’s age.”

In turn, Article 5 of the regulations attempts to operationalize those statutory requirements. First, § 999.330(a) provides the process for opt-ins of minors under 13. It requires businesses to “establish, document, and comply with a reasonable method for determining that the person affirmatively authorizing the sale of the personal information” is the parent or guardian of that child. The regulation then identifies six methods that are reasonable, including collecting a signed parental consent form, having a parent call a toll-free telephone number and checking a parent’s government-issued identification against databases of such information.

With respect to receiving opt-ins from minors between 13 and less than 16, § 999.331 requires businesses to establish a “reasonable process,” which should be consistent with the business’s process for obtaining opt-ins of adults after they have opted-out of sales.

Finally, businesses must describe these procedures in their privacy policies.

Article 6. Non-Discrimination

By way of background, § 1798.125 of the CCPA prohibits a business from discriminating against a consumer because the consumer exercised any of his/her CCPA rights. That includes denying goods or services, charging a different price, or providing a different level or quality of goods or services. However, a business can charge a consumer a different price or rate or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to the business by the consumer’s data. Businesses also can offer financial incentives for the collection or sale of personal information as long as the financial incentive is not unjust, unreasonable, coercive or usurious in nature.

In turn, Article 6 of the regulations does not provide much more insight into how the anti-discrimination provision will operate and, in large part, just reiterates the statute. It also is unclear whether, prior to being published, the regulation was updated to reflect one of the final amendments to the CCPA, namely, that the different treatment or financial incentive must be reasonably related to the value provided to the business by the consumer’s data. The pre-amended version provided that it must be reasonably related to the value provided to the consumer by the consumer’s data. Section 999.337 of the regulation still uses the pre-amended phrase (although it appears to try to link that phrase to the amended phrase).

In any event, the regulation requires businesses to “use and document a reasonable and good faith method for calculating the value of the consumer’s data” and provides eight proposed methods, including the “marginal value to the business of the sale, collection or deletion of a consumer’s data or a typical consumer’s data” and the “revenue generated by the business from sale, collection, or retention of consumers’ personal information.”

Conclusion

As discussed, it is anticipated that the AG’s office will publish final regulations at any time. In the meantime, the AG’s proposed regulations (along with the text of the CCPA) provide businesses with the best means by which to drive compliance.

KEYWORDS: California Consumer Privacy Act (CCPA) cyber security cybersecurity federal requirements privacy concerns

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

David stauss

David Stauss is a partner at Husch Blackwell LLP and co-leader of the firm’s privacy and data security practice group. David regularly assists clients in preparing for and responding to data security incidents, including managing multi-state breach notifications. He also regularly counsels clients on complying with existing and emerging privacy and information security laws, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA) and state information security statutes. To stay up to date on these issues, subscribe to Husch Blackwell’s privacy blog. Stauss can be reached at david.stauss@huschblackwell.com.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC1219-Edu1-Feat-slide1_900px

    CCPA Update: Analyzing the AG's Proposed Regulations

    See More
  • SEC0219-data-Feat-slide1_900px

    CCPA update: Analyzing the changes to the final CCPA Regulations

    See More
  • cyber freepik

    CCPA update: New regulations approved

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing