What You Should Know About the California Consumer Privacy Act
The Office of the California Attorney General submitted the final proposed regulations under the California Consumer Privacy Act (CCPA) on June 1. Though the CCPA has granted California consumers robust privacy protections since the beginning of the year, the Attorney General’s office was not allowed to take any enforcement actions for the first 6 months of the year. As of July 1, those restrictions lifted—meaning companies found breaking the law could face big lawsuits.
Under the CCPA, consumers are granted new rights regarding their data:
- The right to know
- The right to delete
- The right to opt-out of the sale of your personal information
Privacy Protections for Consumers
CCPA went into effect on January 1 of this year, the first law in the United States to create a comprehensive set of rules around consumer data. Under the law, consumers are entitled to know their personal information may be shared with third parties, and how. They also have a right to request platforms to delete this data or abstain from selling their personal information.
Additionally, California residents have the right to be notified and the right to equal services and price, meaning they cannot be discriminated against based on their choice to exercise these rights.
If a website has minors under the age of 16 among its users, the business is required to obtain consent from either a minor or their parent before it can sell or disclose their personal information to third parties.
When a Company Fails to Comply
This law applies to any for-profit business that sells the personal information of more than 50,000 California residents, has an annual gross revenue exceeding $25 million, or derives more than 50% of its revenue from selling the personal information of California residents. This means all the major U.S. social media companies must do more to protect you or face the consequences.
If a company is found breaking any of the regulations set out by the CCPA, it can face fines of up to $7,500 per violation and up to $750 per affected user in civil damages. If the company fixes any breaches of the CCPA within 30 days of receiving notice of its violations, it may be able to avoid these fines. However, with “per violation” and “per affected user” language, companies that do not or cannot fix the issue could see these penalties quickly pile up.
Additionally, under the CCPA, consumers now have the option to take action if their data is compromised in a breach of any sort. With many major companies facing mass hacks each year, having the right to fight back when one’s data is compromised is an important step forward for consumers.
“Knowledge is power, and in the internet age, knowledge is derived from data. Our personal data is what powers today’s data-driven economy and the wealth it generates. It’s time we had control over the use of our personal data. That includes keeping it private,” said California Attorney General Xavier Becerra in an October press release.
Businesses were required to finalize their CCPA compliance efforts by July 1.
To find out what Kershaw, Cook & Talley is doing to help California residents exercise their rights under the CCPA or to learn more about the act, give us a call at (916) 520-6639.