In recent years, across all 50 states, bills have been introduced to address concerns about privacy, cybersecurity and data breaches. California spearheaded this legislative momentum with its recently created, first-in-the-nation statewide consumer privacy agency.
The Consumer Privacy Act (CCPA), enacted in 2018,gives Californians control over how businesses collect and use their personal information (PI). In November 2020, California constituents voted in the California Privacy Rights Act which created the California Privacy Protection Agency to enforce that law.
Consumer rights defined
California consumers have the following privacy rights:
- Right to know what PI a business is gathering from them and how that PI used or shared
- Right to delete (with a few exceptions) the PI collected from them
- Right to opt-out of the sale or sharing of their PI
- Right to correct inaccurate PI a business has about them
- Right to limit the use and disclosure of sensitive PI a business has about them
- Right to nondiscrimination over exercising any of these rights
Which business are impacted?
For-profit companies doing business in California must comply with the CCPA in certain situations. These include:
- The company has gross annual revenue over $25 million
- The company gathers, buys or sells the PI of 100,000 or more California residents, households or devices
- The companyn’s annual revenue is 50% or more based on the sale of the PI of California residents
Thousands of businesses must manage these consumer demands and falling short will expose them to possible fines or lawsuits. For legal advice and guidance navigating this new terrain, it’s prudent to consult with counsel experienced in this area of the law.