On January 1, 2020, the California Consumer Privacy Act went into effect. U.S. businesses should take steps to prepare now if they haven’t done so already. The new regulations could have a significant impact on businesses, whether or not they’re based in California.
What Is the Privacy Act?
The California Consumer Privacy Act (CCPA) was signed into law on June 28, 2018. In some ways, it is similar to the General Data Protection Regulation which went into effect in the European Union in 2018.
The CCPA gives consumers the following four rights:
- The right to know how their personal information is being used. This includes how a business collects, uses, shares and sells personal information. A consumer can also request to know the specific pieces of personal information a business has.
- The right to delete their personal information. A consumer can request for their personal information to be deleted by the business as well as any direct service providers.
- The right to opt out. Consumers have the right to tell businesses not to sell their personal information. For minors under the age of 16, information cannot be sold unless the minor (or guardian, if the minor is under 13) opts in.
- The right not to be discriminated against. Businesses cannot discriminate against consumers who exercise their rights under the CCPA.
Which Businesses Will Be Impacted?
Because California has the fifth largest economy in the world, and many businesses have customers who reside in California, this law is expected to have wide-reaching consequences.
The CCPA applies to any business that meets any of the following criteria:
- It has an annual gross revenue of more than $25 million.
- It buys, sells or shares personal information from more than 50,000 consumers, households or devices per year.
- It derives at least half of its annual revenue from selling consumers’ personal information.
How Can Businesses Prepare?
To prepare for the new law, businesses should review their processes for collecting and sharing personal information, as well as how this is disclosed to consumers and how consumers can make requests regarding their personal information.
Businesses should also read over the full text of the law and consult with a legal expert to see which requirements apply and how to adhere to them. These are some of the requirements:
- Providing information about online privacy policies and consumer rights.
- Providing adequate methods for consumers to submit requests for information.
- Responding to requests for information promptly.
- Providing a way for consumers to opt out of having their information sold, without having to create an account.
The CCPA is considered to be one of the strictest consumer privacy laws in the United States. There are serious monetary fines for non-compliance. Start preparing now!