Things You Should Know Leading Up to World Data Privacy Day 2020: New Privacy Rights for Consumers: What Businesses Need to Know About the California Consumer Privacy Act

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC

[co-author: Hannah Redmond]

On June of 2018 the California Consumer Privacy Act (the “CCPA”) was signed into law. Passed on the heels of the European General Data Protection Regulation, the CCPA vastly expands the data privacy rights of California residents. The CCPA became effective on January 1, 2020. The overriding purpose of the CCPA is to provide California’s consumers greater control over their personal information, promote transparency in businesses’ data practices, and safeguard against the misuse of consumer data. In furthering these goals, the CCPA provides privacy rights for consumers and imposes reciprocal obligations on businesses. As such, businesses collecting the data of California consumers may need to comply with the CCPA.

Businesses subject to the CCPA include for-profit entities that: (i) have annual gross revenues exceeding $25 million; or (ii) buy, sell, share, or receive the personal information of at least 50,000 consumers, households, and/or devices per year; or (iii) derive 50% or more of their annual revenues from selling consumers’ personal information. Importantly, the CCPA defines consumer as California residents only.

In an effort to provide consumers a greater degree of control over their personal information, the CCPA allows consumers to:

  • request that a business disclose what personal information is collected, from what sources, for what purpose, and to whom that information is given;
  • request that a business delete personal information unless retaining such information is necessary for a business purpose (i.e. completing a transaction or maintaining an on-going business relationship); and
  • “opt-out” of having their information shared, sold, or collected at any point.

A corollary of these consumer rights is that businesses must be prepared to meet consumer demands for disclosures and be equipped to handle requests for deletion or opt-out. The CCPA mandates significant changes for affected businesses. Businesses need to develop internal procedures for handling consumer requests and to modify privacy policies and websites to meet new CCPA obligations. Although certain one-year exemptions may temporarily reduce the burden of compliance for some businesses (see our latest post regarding these exemptions), these exemptions are limited in both scope and time. Any business subject to the CCPA is, therefore, encouraged to promptly take appropriate compliance steps.

Affected businesses were expected to be compliant as of January 1, 2020. Though enforcement actions may not be brought until July 1, 2020, the Attorney General of California may review a business’s compliance with CCPA as of January 1 when assessing penalties for violations of the law. As such, there is limited time for businesses subject to the mandates of the CCPA to remedy any compliance issues.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bond Schoeneck & King PLLC | Attorney Advertising

Written by:

Bond Schoeneck & King PLLC

Bond Schoeneck & King PLLC on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.