Will California Consumer Privacy Act Kill the Newsletter?

My understanding is that you should make sure that you have a service provider [0] contract in place with your mail provider and that they have easy to use tools for you to opt-out and delete subscribers info.

There is also a need to make sure data is being appropriately stored by the service provider since you have a "duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information" [1].

I'd start by digging into how the mail provider is approaching compliance and security and whether they are planning to get certified.

--

[0] Section 999.314 of the proposed regulations from AG https://hq.services/blog/ccpa-proposed-regulations/#999.314

[1] Section 1798.150 of CCPA https://hq.services/blog/ccpa-full-text-with-amendments/#179...

Note, the above links are to a version of the regulation that my company formatted to be easier to read. The original versions are here if you'd prefer:

[0] https://www.oag.ca.gov/sites/all/files/agweb/pdfs/privacy/cc...

[1] https://leginfo.legislature.ca.gov/faces/billCompareClient.x...

From the statute, address issues promptly and you're in good shape:

A business shall be in violation of this title if it fails to cure any alleged violation within 30 days after being notified of alleged noncompliance.

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

As a user, my email is not worth $750. Where did they come up with this number? Now if we are talking SSN...I could justify $750.