It appears California has commemorated GDPR’s one month anniversary with the new California Consumer Privacy Act of 2018.
Good times! What’s good for EU residents is good for Californians. Coincidence? What matters is, it’s as real as GDPR, and violators will pay.
This time it’s about California “consumers” broadly defined as,
- Residents (meaning, not a consumer or individual who is just passing through California for a temporary purpose)
- Residents who may be temporary away from California
First, what personal information is being regulated? The regulation describes this very broadly as well. Here’s an idea.
“Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”
- Definitely contact information
- Physical ID and electronic identifiers – that might also include , employment data, education data, geolocation data, etc.
- Consumer behavior, preferences, biometrics, browsing history, products and services purchased, etc.
See additional details on the definition here.
What privacy rights do you need to help Californians exercise?
We’ve tallied up some of them here.
- Right to access personal information collected and to know what is collected about them
- Right to be forgotten (or to deletion)
- Right to be informed (right to be informed of personal data breaches)
- Right to choose or opt out of the sale of their personal information
- Right to receive the same services, discounts, or incentives afforded those who do not exercise their privacy rights
Sounds like GDPR. Doesn’t it? Many privacy policies will get updated again soon.
Does the law apply to my organization?
- Any organization conducting business in California (i.e., sells goods and services to residents)
- Does not have to be physically located in California
- Could also be a non-profit organization
- Collects and processes personal information of 50,000+ California residents
- Earns $25 million+ annually
- Earns more than 50% of its annual revenue selling consumer personal data
Who will enforce this law?
The California Attorney General will bring civil actions against violators and prosecute crimes.
What if I don’t comply?
Plan and make every effort to comply.
- Businesses will be given a 30-day notice to remedy a violation
- Intentional violators will be fined up to $7,500 per violation
- Unintentional violators will be fined less than $7,500
- Data breaches resulting from a failure to implement appropriate safeguards may result in a private right of action and payment of actual damages to an individual consumer (up to $750 per individual affected)
Now, you have this information. It may not help you feel less nervous about the California Consumer Privacy Act. But if law does apply to you, put your best efforts forward and you won’t be overwhelmed with all the risks at once. Don’t wait to see what happens next. Start planning now. You don’t have until May 2020. Your organization should strive to be compliant prior to the deadline. Same as GDPR – although some waited until March 2018. Other states are already making efforts to pass similar regulations. Planning will save your organization money.
Guidance is on the way to help businesses have the necessary details to understand the implementation of the regulation. But it’s a great idea to start a dialogue with your business partners now than later. Assessing risks based on what you know now will go a long way. If you’re not sure where to start, get the help that you need.
Remember, time flies when you’re making efforts to be compliant.
Photos by Sterling Davis, RawPixel, Sharon Cutcheon, Dimon Blr, Ros Findon, Markus Spiske, John Schnobrich and Ryan Brisco
- January 2019 (1)
- December 2018 (1)
- November 2018 (1)
- October 2018 (1)
- September 2018 (1)
- August 2018 (1)
- July 2018 (1)
- June 2018 (1)
- May 2018 (1)
- April 2018 (1)
- March 2018 (1)
- February 2018 (1)
- January 2018 (1)
- June 2017 (1)
- May 2017 (1)
- March 2017 (1)
- February 2017 (1)
- January 2017 (1)
- December 2016 (1)
- November 2016 (1)
- October 2016 (1)
- September 2016 (1)
- August 2016 (1)
- July 2016 (1)
- June 2016 (1)
- May 2016 (1)
- April 2016 (1)
- March 2016 (1)
- February 2016 (1)
- January 2016 (1)
- December 2015 (1)
- November 2015 (1)