Extract from an article by Jason Priebe and John Tomaszewski (Seyfarth Shaw)
The California Consumer Privacy Act of 2018: What Businesses Need to Know Now
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) applies to businesses collecting, selling, or disclosing personal information in California. In sum, its intended purpose is to require impacted businesses to provide enhanced transparency and to give consumers the right to control their personal information. Specifically, its goal is to further a California consumer’s right to privacy by ensuring various rights including: 1) knowing what personal information is being collected; 2) knowing whether their personal information is sold or disclosed and to whom; 3) saying no to the sale of their personal information; 4) access to their personal information; and 5) equal service and price, even if they exercise their personal rights.
What Companies Are Affected?
The CCPA applies to any company doing business or with employees in California if they:
- generate $25 million or more a year in revenue;
- annually buy, receive, sell, or share personal information of 50,000 or more consumers, households, or devices for commercial purposes; or
- derive 50% or more of their annual revenue from selling consumer personal information.
Companies with employees or customers in California need to take stock of the information they are processing that could qualify as “personal information” for California residents, and they need to begin establishing mechanisms for compliance before the end of 2019.
- New California Privacy Law Accelerates Data Privacy Discussion
- A Sign of Things to Come? Chicago Introduces Data Protection Ordinance