What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act, or CCPA, is a sweeping new regulation that became law in the summer of 2018. The Act, which goes into effect on January 1, 2020, serves to enforce the privacy rights of California Consumers and mandates strict requirements for organizations that electronically collect, store, or process consumer’s personal information.
This new regulation requires organizations to disclose to consumers what types of personal information they collect, for what purposes, and how it is used. It provides consumers the right to restrict what organizations can and/or cannot do with their personal information. For example, consumers can choose to opt-out of information sharing/selling programs of their personal information. Consumers also can request access to their personal information or request that it be deleted or exported in a common electronic format.
Organizations that do business with California consumers must quickly prepare to meet these new requirements. This means understanding what types of personal information they collect, for what purposes, how it is used, stored, and protected. It also means organizations need to be prepared to respond to consumers’ requests for the following; opt-in and opt-out of information sharing/selling programs, access-to, deletion-of and exporting of personal information. Organizations are also required to make disclosures in the event of a security breach.
The California Attorney General’s Office is mandated with maintaining and enforcing these new regulations. The California AG’s Office will have the legal authority to apply civil penalties and fines for non-compliance. This includes fines ranging from up to $2,500 to $7,500 per violation. In addition, consumers can file class action lawsuits to recover damages $100 - $750 per consumer per incident. The later has the potential for greater financial impact to businesses who suffer a breach where consumers’ personal information is exposed.