Starting on January 1, 2020, the California Consumer Protection Act (CCPA) (AB-375) and its amendments (AB1564, AB-25, AB-1355, AB-874) become law. In an effort to help keep our information safe, AB-375 protects a consumer’s Personal Identifiable Information (PII). PII is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The verbiage is a little convoluted, but think of things like your home address, e-mail, social security number, phone number, spending habits, past purchases, location, computer IP addresses, employment information. If it’s your personal information, AB-375 protects it.
What types of companies are affected? Well, if the business handles PII of 50,000 or more California consumers, households or devices; or collects consumers’ personal information, or 50% or more of its annual revenue comes from selling personal information (definition of selling is VERY broad - if you share the information with another company that counts), they fall under the category of business that AB-375 is looking to protect. It applies to all businesses that are for profit, and have an annual gross revenue >$25Million, and do business in California.
The law requires businesses to respond promptly to a consumer’s request to delete personal information. Consumers may also access the data, in order to see what has been collected, or move (port) their data from the offending company.
In addition, AB-1355 (amendment to AB-375) allows a consumer to institute a civil action if their information is stolen or disclosed as a result of failure to follow reasonable security practices. So all of these data breaches that have affected millions of consumers? They may result in lawsuits beginning next year.
Businesses may not discriminate against consumers exercising their CCPA rights (like by providing a lesser level of service), and businesses must actively seek to minimize and protect the information they collect on California consumers. While the law goes into effect on January 1, 2020, enforcement will begin in July of 2020.
As the standard-bearer for much of the country, California’s CCPA is serving as the template for privacy laws in Nevada, New York, Illinois, Maine, Connecticut, Hawaii, Louisiana, North Dakota and Texas.
The Golden State keeps leading the way!