The California Consumer Privacy Act -- a data privacy law that imposes new obligations and regulations on businesses with consumer customers located in California, regardless of where the company’s headquarters is -- took effect Jan. 1.
The law, the first of its kind in the U.S. , is unlikely to be the last.
The law applies to for-profit companies that conduct business in California and meet at least one of the following criteria: annual gross revenue exceeding $25 million; gather or disclose annually the personal information of 50,000 or more consumers, households, or devices; derive 50% or more of annual revenue from selling California residents’ personal information.
Not subject to the law are banks, healthcare providers, credit-reporting agencies, and background-screening companies subject to the Fair Credit Reporting Act. The CCPA doesn’t apply to service providers to financial institutions, business associates of healthcare providers, or end users of consumer reports.
Failure to comply can result in injunctions and civil penalties of up to $2,500 for each violation, or up to $7,500 for each intentional violation. With penalties tallied by the number of individual consumers who don’t have access to the company’s privacy policy, the numbers can add up quickly for companies with websites that have heavy traffic.
What rights do consumers in California have under the law? Basically, a right to know what personal information companies collect about them, their children and their devices; and to whom these companies are selling that data.
Consumers have the right to access their own personal information, and the right to request the company delete the data. California consumers can tell companies not to sell their personal information to third parties without the fear of the company retaliating.
The CCPA is not a one-off. Much like the European Union’s General Data Protection Regulation, the CCPA is a sign of things to come, and more states are sure to follow suit. Consumers are demanding improved data-privacy rights, and they are getting them.
Look to LRN for more on what this law means for organizations, and and what steps to take to stay in front of it.