In January 2020, the California Consumer Privacy Act (CCPA) will take effect. Similar to the General Data Protection Regulation (GDPR) that went into effect in the European Union (EU) in 2018, the CCPA will give California consumers sweeping control over their personal data. While the law only protects those who reside in California, that does not mean you need to pay attention to the security of consumer data only if your company is located there. Here’s what you need to know to make sure you and your consumers are protected under the California Consumer Privacy Act.
How do you comply with the California Consumer Privacy Act?
The CCPA grants CA consumers ten basic rights, but here’s a general summary:
The right to know what type of personal information your business has collected about them, where the information came from, what you’re doing with it, if you’re disclosing or selling it, and to whom.
The right to say no. Consumers have the right to completely opt out of the sale of their information to a third party.
The right to delete any and all data or personal information they have posted.
The right to fair treatment without discrimination, whether or not they exercise their rights under the CCPA. Your business cannot treat these consumers differently because of their decisions regarding their privacy.
Also noteworthy, children under 16 must opt in manually in order for businesses to be able to sell their information to third parties.
Whom does the California Consumer Privacy Act affect?
While the CCPA only protects consumers in California, most for-profit businesses will be impacted by it going into effect. Your business does not have to be located in California for this to matter to you. If your company deals in consumer data and has customers in California, then this law impacts you.
How does the California Consumer Privacy Act impact me?
If your company already made provisions and changes when the GDPR came into effect, you may have some of the necessary infrastructure for compliance with the CCPA. Your data protection and data rights infrastructures must comply with the law for CA citizens. You can develop an infrastructure that handles California resident data differently than the rest of the country, or you can reform all of your regulations to cover all consumers, without trying to offer a different online experience for consumers depending on where they reside. The law also contains a 12-month “look-back period,” so when the law goes into effect on January 1, consumers can access data going back to January 1, 2019.
What happens if I don’t comply with the California Consumer Privacy Act?
Financial penalties are at stake if you do not comply with the law when it goes into effect on January 1, 2020. If there is a breach, you could be fined $100-$750 per consumer, per incident. If the attorney general is involved, this fine can go up to $7,500 per incident.
If your company is not already compliant with these new standards, it is important to put a plan in place now so that your data protection requirements are met sooner rather than later, avoiding fines and scrutiny from unintentional breaches.