You are likely to see privacy notice updates as the CCPA takes effect

Clarification: The CCPA does not apply to U-M. It does, however, apply to many service providers that the university contracts with and/or purchases from, such as Google and Box.

The information below was sent to the IT Security Community and Frontline Notify group via email on November 22, 2019.

Be aware that members of the university community are likely to start seeing updates and changes to privacy notices for online services they use through the university, as well as for their personal online services, as we near January 1, 2020. This is the date the California Consumer Privacy Act (CCPA) goes into effect. CCPA is a new data privacy law that applies to certain businesses that collect personal information from California residents. This activity is very similar to the activity we saw when the General Data Protection Regulation (GDPR) took effect in 2018.

Box, for example, recently described upcoming changes to its privacy notice in a blog post, BoxBlogs: Our commitment to your privacy. Other vendors that provide services to the university may also be making changes to their privacy notices and policies in the coming weeks and communicating about them.

Any communications that you receive about updates to vendor privacy policies and notices are for informational purposes only. No action is required. Information Assurance encourages everyone to be aware of the privacy notices and options of the services they use and to actively choose appropriate settings. 

References