The Next Chapter in US Consumer Privacy starts with the California Consumer Privacy Act (“CCPA”). The CCPA has broad application, strict compliance requirements, and penalties for non-compliance, and it takes effect January 1, 2020.

Buchalter

WHAT IS THE CALIFORNIA CONSUMER PRIVACY ACT?

The CCPA is a consumer protection regulation that gives all California residents strong privacy rights that companies are required to honor.

WHO NEEDS TO COMPLY?

A company is obligated to comply with the CCPA if it (i) collects personal information (“PI”) from a California resident; (ii) conducts business in California; and (iii) meets any of these annual thresholds:

  • Gross revenue of $25 million;
  • Gathers information from more than 50k California households, users or devices; and/or
  • Derives 50% or more of revenue from selling PI.

A GLIMPSE INTO COMPLIANCE

CCPA compliance is multi-faceted. Three major compliance requirements are: (1) covered companies must limit the “sale” of PI to third parties (the sale of PI is defined very broadly to mean any transfer of PI, which captures common tools such as Google Analytics); (2) covered companies must place a “Do Not Sell My Information” link on all pages collecting PI; and (3) covered companies must be able to delete PI upon request (under certain circumstances).

POTENTIAL VIOLATIONS

The focus of the CCPA is on the traditional U.S. concept of PI (e.g., name with account number, social security number, etc.). Liability arises from “unauthorized access and . . . disclosure [resulting from a business’s unreasonable] security procedures and practices . . . .” This includes concepts typically described as “leaks” rather than “breaches” and does not require allegations of harm.

THE PENALTIES

Civil fines of up to $7,500 per CCPA violation and $750 per record compromised in a data breach.

Important Note: California AG Becerra introduced an amendment in February that would permit private rights of action by individual plaintiffs, which has yet to become law.

TIME IS RUNNING OUT!

The CCPA takes effect on January 1, 2020 and is set to be enforced by the California Attorney General on July 1, 2020.

Important Note: The law requires covered companies to describe their privacy practices for the prior twelve months in notices and disclosures, potentially creating an effective “look-back” period to January 1, 2019.

You may view the CCPA as amended at this link.

Written by:

Buchalter