By: Elizabeth Magaña[i]
The California Consumer Privacy Act (“CCPA”) was signed into law on June 28, 2018, and went into effect January 1, 2020. The CCPA was later amended when California voters passed Proposition 24, the California Privacy Rights Act (“CPRA”). The California Privacy Protection Agency (CPPA) will begin enforcing the CPRA on July 1, 2023. Despite the number of resources available, including the uptick in privacy and software providers, businesses struggle with compliance and for good reason. This article will focus on a small important detail rarely, if ever, addressed in CCPA compliance articles.
Businesses across various sectors have neglected to establish a process to reimburse consumers for notary fees incurred for processing consumer requests submitted via an authorized agent. Under Section 999.301(c), California consumers may submit a CCPA request themselves or authorize another person, or business entity registered with the California Secretary of State, to submit a request on their behalf. Businesses may require documentation to prove that the consumer granted the agent permission to submit the request as permitted under CCPA. In practice, businesses generally request a power of attorney or require a notarized authorization form to prove an agency relationship exists between the parties and the CCPA request has been duly authorized.
Notarization requires a meeting with a notary and a notary fee. The use of authorized agents was meant to eliminate the administrative burden borne by consumers exercising their CCPA rights. However, this administrative burden has now been replaced with an economic one. Fortunately, the CCPA addresses this concern. The CCPA explicitly notes that companies need to reimburse consumers for expenses such as notary fees. Despite this clear provision regarding notary fees, many businesses have not implemented protocols to process receipts and issue reimbursements.
As someone who has submitted thousands of consumer requests as an authorized agent, corresponded with hundreds of privacy departments, and spoken to several representatives, the process is frustrating. The representatives answering their businesses’ privacy hotlines are insufficiently trained to answer CCPA related questions. There were a few instances when representatives inadvertently provided misinformation. This was only evident because I had studied the CCPA (line by line) in a prior semester. It is unreasonable to expect a consumer to similarly do this when the CCPA scores a Flesh-Kincaid Grade Level of 15.6, Flesch Reading Ease Score of 23.4, and college graduate (“very difficult to read) reading level.
One example of this misinformation exchange was when a representative informed me that their business did not reimburse consumers for notary fees associated with consumer requests. In another instance, a representative walked me through the process of locating the reimbursement form on their website to find out it only then it was meant for an entirely different reimbursement. These workers appear to be relying on scripts containing misinformation to address these types of concerns.
It remains clear that businesses need to invest more in their privacy programs. This includes more training for employees and workers, amending privacy policies to include a notary fee reimbursement process, and modifying privacy portals to ensure such receipts are accepted for processing.
 Elizabeth is a 3L and future privacy professional. She is an Assistant Section Editor at the Santa Clara Business Chronicle and recently co-authored an article on the privacy related implications of synthetic data. Learn more about her at LinkedIn.