Amy Carlson, Soo Kang
The CCPA enumerates nine categories of exceptions to a consumer’s right to request deletion of personal information. Some of the exceptions – for example, the need to retain information to complete a commercial transaction – are relatively clear and straightforward. Others – for example, the need to comply with a legal obligation or internal uses reasonably aligned with consumer expectations – are less so. To illustrate: must a business delete personal information included in archived backup data copies? Or does a set of redundant backup data fall under any of the exceptions? Appreciating the circumstances under which these exceptions might apply will be critical to development of workable, compliant privacy programs and whether and to what extent an organization must alter its operations. This panel will address the statutory exceptions and any draft implementing rules, and offer practical insight concerning the scope and application of the exceptions, including drawing upon any lessons from application of exceptions to the right to erasure under Article 17 of the GDPR.
Amy Carlson, Senior Privacy Counsel, Motorola
Soo Kang, General Counsel and VP for Consulting, Zasio Enterprises