This new year finally brings into effect the California Consumer Privacy Act (CCPA), which provides California consumers with certain rights to how their data is used and collected by businesses. For example, they now have the right to opt-out of the sale of their personal information, as well as the right to request deletion of that information. Moreover, each California resident who is the victim of a data breach now may be entitled to $100-$750 even without proving whether harm was done by the breach. The CCPA applies to any for-profit business – regardless of location – that collects personal information of California residents, and that: (1) has $25 million or more in annual revenue; or (2) receives personal data of more than 50,000 consumers, households or devices; or (3) earns more than half of its revenue selling consumers’ personal data. Even a fairly small business with no California office could be subject to the CCPA’s requirements.
How could this impact you? Some of us may have friends or family members who are California residents and now have expanded privacy rights. Others may have clients, friends or family members who own or are responsible for a business that is in the possession of personal information of California residents, and therefore now has expanded privacy obligations.
For more detailed information on the CCPA, see our previous articles that provide a general overview of the Act, a summary of its amendments, and an update on the Attorney General’s proposed regulations implementing the Act.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact Bob Brewer, Tony McFarland, Elizabeth Warren or a member of our Privacy & Data Security team.