The California Consumer Privacy Act (CCPA), was unanimously passed by California lawmakers and signed into law by the Governor on June 28th, 2018 and has to be implemented by all organizations that provide services to California Consumers by Jan 1 2020.
It gives California consumers unprecedented personal data protections and possibly sets the tone for similar legislation in other states.
It offers new and wide ranging privacy rights for California residents, including a right to be informed about personal data collected by a business and rights to access and delete that information, a right to prevent personal information from being sold to third parties, and a right to data portability. The law applies to all businesses that collect or use this personal information, not just those companies in California. The California Attorney General may bring actions for civil penalties of up to $7,500 per violation and there is a limited private right of action for individual victims of data breaches for penalties ranging between $100-750 per violation.
Companies are mandated to develop and implement data policies, procedures and data governance processes to address
- What personal information a business has collected about them, where it was sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold
- The Right to “opt out” of allowing a business to sell their personal information to third parties (or, for consumers who are under 16 years old, the right not to have their personal information sold absent their, or their parent’s, opt-in)
- The Right to have a business delete their personal information, with some exceptions
- The Right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.
Click here to Read Detailed Expectations of California Consumer Privacy Act