What You Need to Know About the California Consumer Privacy Act

Home/Business & Marketing Trends/What You Need to Know About the California Consumer Privacy Act

**Disclaimer: We are not attorneys and this should not be considered legal advice. Please speak to your legal counsel to learn how the California Consumer Privacy Act effects you and your business.

In the wake of data breaches and selling data, privacy has been the main focus of consumers. The European Union has already taken steps by implementing the General Data Protection Regulation (aka GDPR) to protect its citizens and give them rights to their data. Now, the State of California has passed the California Consumer Privacy Act, which gives California residents the right to know who owns your personal data, what categories of data they collect, and what information is sold if a business sells your data.

The law does not go into effect until January 2020, which gives companies throughout the United States and California to be compliant, but we have broken down the main points to be ready once compliance rolls around.

Who Does it Affect

This new legislation affects businesses that earn $50,000,000 a year in revenue, sell 100,000 consumer’s records each year, or derive 50% of their annual revenue by selling personal information. This also applies to businesses that collect or sell Californian’s personal information regardless if they are located in California, another state, or in a different country.

Ownership of Personal Data

If you collect any personal information, the consumer has a right to request the categories of personal information being collected, including any children. Aside from that, businesses have to disclose annually the categories of personal information they have collected on the consumer, their devices, and their children. If you are selling the data, you must notify the consumer which categories of personal information are being sold and to whom it is being sold.

Consumers have the right to deny any sharing or selling of personal data.

Control of Personal Data

Consumers are protected from being discriminated against if they choose to deny having their information shared or sold. Meaning, businesses cannot charge more, deny access of services, or change the quality of services provided. Consumers should be able to click a link that states “Do not sell my data” if they do not want their data sold. This has to be displayed as the bottom of every website page that collects information and cannot be hidden in a privacy policy.

If the consumer provides authorization for sale, even after saying no, then the business may sell that data.

Security of Personal Data

Under current California law, business are required to have “reasonable security measures” to protect the personal information of California residents. The California Consumer Privacy Act increases these fines and penalties for violations of the existing law. Consumers also have the right to sue businesses directly for security breaches of consumer data, even if the consumers cannot prove if they have been affected by it.

With California ranked as the largest state by population, it will be interesting to see how this will change business practices and hopefully inspire the rest of the United States to follow suit with similar laws that protect consumers. As always, consult with your legal counsel if you have any additional questions regarding how this new regulation specifically pertains to you and your business.

2018-07-02T20:09:23+00:00 July 2nd, 2018|