Section 1798.99.85 - Requirements for data brokers(a) On or before July 1 following each calendar year in which a business meets the definition of a data broker as provided in this title, the business shall do all of the following:(1) Compile the number of requests pursuant to subdivision (c) of Section 1798.99.86 and Sections 1798.105, 1798.110, 1798.115, 1798.120, and 1798.121 that the data broker received, complied with in whole or in part, and denied during the previous calendar year.(2) Compile the median and the mean number of days within which the data broker substantively responded to requests pursuant to subdivision (c) of Section 1798.99.86 and Sections 1798.105, 1798.110, 1798.115, 1798.120, and 1798.121 that the data broker received during the previous calendar year.(3) Disclose the metrics compiled pursuant to paragraphs (1) and (2) within the data broker's privacy policy posted on their internet website and accessible from a link included in the data broker's privacy policy.(b) In its disclosure pursuant to paragraph (3) of subdivision (a) regarding requests made pursuant to subdivision (c) of Section 1798.99.86, a data broker shall disclose the number of requests that the data broker denied in whole or in part because of any of the following: (1) The request was not verifiable.(2) The request was not made by a consumer.(3) The request called for information exempt from deletion.(4) The request was denied on other grounds.(c) In its disclosure pursuant to paragraph (3) of subdivision (a), a data broker shall, for each provision of Section 1798.145 or 1798.146 under which deletion was not required, specify the number of requests in which deletion was not required in whole, or in part, under that provision.Ca. Civ. Code § 1798.99.85
Added by Stats 2023 ch 709 (SB 362),s 5, eff. 1/1/2024.