What is CCPA?

California Consumer Privacy Act

Recent news about data breaches and perceived mis-use of personal data handling has caused growing global consumer distrust in how their personal information is being managed. In response, in 2018 the European Union enacted the General Data Protection Regulation (GDPR); a sweeping landmark law protecting consumers data privacy rights. California followed suit by passing the California Consumer Privacy Act (CCPA) marking it the first state to meaningfully address these growing consumer concerns. A broad summary of key provisions are highlighted below.

Penalties

The stakes are high with fines up to $7,500 per consumer failure and estimated total state privacy expenditures of $5B by 2023

Who is Impacted?

Generally, any for-profit businesses conducting business in California or who collects or processes personal consumer data of California residents AND who also meets one of the following criteria is impacted:

  • Revenue $25MM+ OR
  • Data of 50,000 Californian consumers, OR
  • Derives 50%+ of revenue selling (renting, disclosing, transferring etc.) consumer data

What New Rights Do Consumers Have?

The intent of the CCPA is to provide consumers with greater control over how their personal data is used. Consumers will have the right to:

  • Request what personal data that is being collected about them and with whom it is being shared.
  • To opt-out of the “sale” of their data.
  • Request that their data be deleted by the business.
  • Right to equal service and price.

What Must You Do?

Beginning January 1, 2020, impacted companies will need to add prominent consumer disclosures and provide new mechanism for consumers to access and consent to the use of their Personally Identifiable Information (PII). For many companies, this will be a sea change in terms of their customer service requirements. It will also require a broadened definition of what PII is