**Disclaimer: We are not attorneys and this should not be considered legal advice. Please speak to your legal counsel to learn how the California Consumer Privacy Act effects you and your business.
In the wake of data breaches and selling data, privacy has been the main focus of consumers. The European Union has already taken steps by implementing the General Data Protection Regulation (aka GDPR) to protect its citizens and give them rights to their data. Now, the State of California has passed the California Consumer Privacy Act, which gives California residents the right to know who owns your personal data, what categories of data they collect, and what information is sold if a business sells your data.
The law does not go into effect until January 2020, which gives companies throughout the United States and California to be compliant, but we have broken down the main points to be ready once compliance rolls around.
Who Does it Affect
This new legislation affects businesses that earn $50,000,000 a year in revenue, sell 100,000 consumer’s records each year, or derive 50% of their annual revenue by selling personal information. This also applies to businesses that collect or sell Californian’s personal information regardless if they are located in California, another state, or in a different country.
Ownership of Personal Data
If you collect any personal information, the consumer has a right to request the categories of personal information being collected, including any children. Aside from that, businesses have to disclose annually the categories of personal information they have collected on the consumer, their devices, and their children. If you are selling the data, you must notify the consumer which categories of personal information are being sold and to whom it is being sold.
Consumers have the right to deny any sharing or selling of personal data.
Control of Personal Data
If the consumer provides authorization for sale, even after saying no, then the business may sell that data.
Security of Personal Data
Under current California law, business are required to have “reasonable security measures” to protect the personal information of California residents. The California Consumer Privacy Act increases these fines and penalties for violations of the existing law. Consumers also have the right to sue businesses directly for security breaches of consumer data, even if the consumers cannot prove if they have been affected by it.
With California ranked as the largest state by population, it will be interesting to see how this will change business practices and hopefully inspire the rest of the United States to follow suit with similar laws that protect consumers. As always, consult with your legal counsel if you have any additional questions regarding how this new regulation specifically pertains to you and your business.