Deletion Completion Under the CCPA

2019_12_01_18_26_14

Deletion Completion Under the CCPA

.

Locke Lord Publications

.

The effective date for the California Consumer Privacy Act (CCPA) is January 1, 2020. With fewer than 60 days remaining, covered businesses must be ramping up to meet the requirements of the CCPA. The CCPA affords several rights to California residents (as the term “consumer” is defined by the Act) as to personal information collected by a covered business. Among these rights is: (1) the right to request disclosure of personal information collected and uses therefor (§ 1798.110(a)); (2) the right to request deletion of personal information collected by the covered business (§§ 1798.105(a) and (c)); and (3) the right to receive that information from the covered business (§ 1798.100(d)).1

.

This article focuses on the second – the consumer’s right to request deletion of personal information, often called the “right to be forgotten.” This right obligates covered businesses, which must obligate their service providers. Under § 1798.105:

.

(a) A consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.

.

* * *

.

(c) A business that receives a verifiable consumer request to delete the consumer’s personal information pursuant to subdivision (a) of this section shall delete the consumer’s personal information from its records and direct any service providers to delete the consumer’s personal information from their records.

.

If the Proposed Regs are adopted, we note that before any information is deleted, the covered business must acknowledge within 10 days the receipt of the verifiable consumer request to delete. See Proposed Regs § 999.313(a).

.

 

Read the Complete Article on the Locke Lord Blog

E-Signature Laws Provide Legal Framework For Blockchain

Brian Casey

By Brian Casey

 

Today, there is certainly much hype and hope for successful deployments of distributed ledger, or blockchain, technology especially in the cryptocurrency world. There also seems to be a general perception that there is not a clear, or even an existing legal framework for blockchain transactions, be they commercial or consumer in nature. While there are certainly specific laws that can apply to particular types of blockchain-based transactions, such as federal and state securities laws in the case of cryptocurrency initial coin offerings, many blockchainers may not realize that there is an existing legal framework that readily accommodates a broad base of blockchain transactions; these are state, and in a few cases, the federal, electronic signatures and records laws.

 

Locke Lord blog Sept

These laws apply across many industries, including banking, structured finance, consumer finance, manufacturing and distribution of commercial and consumer goods, but, to make my points concrete, I am going to explain how to apply this framework to an insurance product given my insurance industry focus.

 

The federal electronic signature law, the Electronic Signatures in Global and National Commerce Act,[1] applies only in the three states that have not adopted the model state-based electronic signature law, known as the Uniform Electronic Transactions Act.[2] ESIGN provides for reverse preemption of itself and defers to UETA.[3] Therefore, UETA, which has been adopted in 47 states, is the primary law of the land, which establishes that electronic signatures, formation of electronic contracts, electronic delivery of documents required to be delivered in writing (irrespective of whether they require a signature) and satisfaction of written record retention requirements through electronic records cannot be denied legal effect on the basis of their electronic nature. Therefore, the focus of this article is on UETA and its relationship to blockchain transactions and distributed ledger technology used to create these transactions.

 

Many insurers have relied upon UETA to implement the use of electronic signatures for new insurance policy applications and to satisfy their obligation to deliver insurance policies in written form via electronically delivered insurance policies.

 

To understand why UETA applies to blockchain created transactions, it is important to recognize what types of transactions might be effectuated thereby and the key concepts in and rules established by UETA. Blockchain enabled transactions might include the electronic signature of electronically created contracts, the electronic delivery of documents, the automatic execution of a “smart contract’s” provisions that are triggered when agreed upon third party data, or oracles, enter the blockchain. Blockchains can also serve as the electronic repository for data and records entered into them. The drafters of UETA recognized the concept of a digital asset token in 1999, stating that “[t]he technology has yet to be developed which will allow for the possession of a unique electronic token embodying the rights associated with a negotiable promissory note. Section 16’s concept of control is intended as a substitute for possession.”[4]

 

UETA is intentionally designed to accommodate the advent of future technologies. To be sure, [UETA] has been drafted to permit flexible application consistent with its purpose to validate electronic transactions. [UETA’s] provisions… validating and effectuating the employ of electronic media allow the courts to apply them to new and unforeseen technologies and practices. As time progresses, it is anticipated that what is new and unforeseen today will be commonplace tomorrow. Accordingly, this legislation is intended to set a framework for the validation of media which may be developed in the future and which demonstrate the same qualities as the electronic media contemplated and validated under this Act.[5]

 

User Authentication

Identifying and authenticating electronic signatories is not a new issue or that difficult of a challenge or process. Many businesses using online means for obtaining and receiving electronically signed records from their customers already use customer authentication procedures, such as “shared-secrets” where by a new consumer is authenticated by answering online questions which evoke personal data that would most likely only be known by the consumer (sometimes this data is sourced directly from a consumer report provided by a consumer reporting agency); furthermore, for existing customers, many businesses, especially those in the financial services and insurance industries, customer authentication is a regular business function because of privacy and anti-money laundering compliance obligations. So, the point is that most businesses using e-signature technology already get the authentication issue, and applying that in the blockchain context should be relatively simply.

 

Electronic Signatures

UETA (and ESIGN) provide that electronic contracts and other signed records cannot be denied their legal effectiveness solely because they were created by e-signatures. Thus, to the extent a contract or other document is signed by a user through an (electronic) blockchain, UETA (and ESIGN) step in to support the legality of blockchain effected e-signatures.

 

This article was originally published on June 13, 2018 by Locke Lord as a Law360 article written by Brian Casey. Click the button below to View or Download the Complete Article: