Share This Page


California Consumer Privacy Act of 2018

June 30, 2018


It appears California has commemorated  GDPR’s one month anniversary with the new California Consumer Privacy Act of 2018.

Good times! What’s good for EU residents is good for Californians. Coincidence? What matters is, it’s as real as GDPR,  and violators will pay.


This time it’s about California “consumers” broadly defined as,

  1. Residents (meaning, not a consumer or individual who is just passing through California  for a temporary purpose)
  2. Residents who may be temporary away from California



First, what personal information is being regulated? The regulation describes this very broadly as well. Here’s an idea.

“Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”

  1. Definitely contact information
  2. Physical ID and electronic identifiers  – that might also include , employment data, education data, geolocation data, etc.
  3. Consumer behavior, preferences, biometrics, browsing history, products and services purchased, etc.

See additional details on the definition here.



What privacy rights do you need to help Californians exercise?

We’ve tallied up some of them here.

  1. Right to access personal information collected and to know what is collected about them
  2. Right to be forgotten (or to deletion)
  3. Right to be informed (right to be informed of personal data breaches)
  4. Right to choose or opt out of the sale of their personal information
  5. Right to receive the same services, discounts, or incentives afforded those who do not exercise their privacy rights

Sounds like GDPR. Doesn’t it? Many privacy policies will get updated again soon.


Does the law apply to my organization?

  1. Any organization conducting business in California (i.e., sells goods and services to residents)
  2. Does not have to be physically located in California
  3. Could also be a non-profit organization
  4. Collects and processes personal information of 50,000+ California residents
  5. Earns $25 million+ annually
  6. Earns more than 50% of its annual revenue selling consumer personal data


Who will enforce this law?

The California Attorney General will bring civil actions against violators and prosecute crimes.



What if I don’t comply?

Plan and make every effort to comply.

  1. Businesses will be given a 30-day notice to remedy a violation
  2. Intentional violators will be fined up to $7,500 per violation
  3. Unintentional violators will be fined less than $7,500
  4. Data breaches resulting from a failure to implement appropriate safeguards may result in a private right of action and payment of actual damages to an individual consumer (up to $750 per individual affected)



Now, you have this information. It may not help you feel less nervous about the California Consumer Privacy Act. But if law does apply to you, put your best efforts forward and you won’t be overwhelmed with all the risks at once. Don’t wait to see what happens next. Start planning now.  You don’t have until May 2020. Your organization should strive to be compliant prior to the deadline. Same as GDPR – although some waited until March 2018. Other states are already making efforts to pass similar regulations. Planning will save your organization money.



Guidance is on the way to help businesses have the necessary details to understand the implementation of the regulation. But it’s a great idea to start a dialogue with your business partners now than later. Assessing risks based on what you know now will go a long way. If you’re not sure where to start, get the help that you need.


Remember, time flies when you’re making efforts to be compliant.



Photos by Sterling Davis, RawPixel, Sharon Cutcheon, Dimon Blr, Ros Findon, Markus Spiske, John Schnobrich and Ryan Brisco 

Comments are closed.

Share This Page

Social media & sharing icons powered by UltimatelySocial