Preparing for the California Privacy Law and Its Impact
The CCPA is coming and will affect many businesses. A quick overview and some thoughts on getting started on compliance.
Data protection and data sharing has grown to be a hot-button topic worldwide, and California recently changed the game by enacting its own data protection law: the California Consumer Privacy Act (CCPA). While it’s not a federal law, for most businesses operating in the US, it might as well be. After all, many businesses will choose not to have two different data protection frameworks: one for California customers and one for all other customers.
With this in mind, every company or business operating in the US with access to consumer data needs to review whether the law will apply to them and if so, begin to adapt their offerings in order to comply with this law, as other states and countries may soon follow suit. Here’s how:
As a start, the predecessor to CCPA, the California Online Privacy Protection Act, only required companies to provide notice to consumers on how personal information is being used or shared. The CCPA now has expanded 5 key rights to all consumers and all entities, from students to employees. The five rights are as follows:
• The right to know what personal information is being collected about them.
• The right to know whether personal information is being sold or disclosed, and to who.
• The right to refuse the sale of personal information.
• The right to access said personal information.
• The right for equal service and price, even if they opt not to exercise said rights.
From California school districts to landlords, many entities are being forced to confront these data protection frameworks for the first time, so it’s important for all of these to invest in time to look over the laws and make sure they comply.
What are the stakes for companies that don’t comply? In California, while the California Attorney General has the means to hand out heavy fines, the customer also has a surprising amount of punitive power. For example, they are no longer required to show proven harm when stating a data breach claim. Data breach claims can be a major legal and brand harm for a company or entity, and now, it’s a lot harder to dismiss them.
Who is Covered?
We should clarify a few things about who the CCPA applies to. If your company meets any one of the following criteria, the law will apply to you:
• Make over $25 million a year as a business.
• Process 50,000 or more Californian consumer records per year.
• Get 50% of annual revenue from Californian personal information.
All of these apply whether or not your business is outside of the state. In addition, more and more consumers in other states may demand this type of legislation as well. All the more reason for companies to begin thinking about how they can comply, even if they aren’t bound to the January 1st, 2020 start date.
As of right now, we can only estimate some of the potential impact of the CCPA, and depending on your niche of business, you may need to take additional provisions to ensure you remain safe and compliant. In any event, it’s essential that you trust an experienced attorney to go over the laws with you and determine your best course of action.Share
The VLP Speaks blog is made available for educational purposes only, to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site, you understand and acknowledge that no attorney-client relationship is formed between you and VLP Law Group LLP, nor should any such relationship be implied. This blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.