On June 28, 2018, California enacted the California Consumer Privacy Act ("CCPA"), a groundbreaking, consumer-friendly privacy law unlike any predecessor in the United States. The CCPA will impact almost all US-based businesses that collect consumer data from California State residents, as well as companies that provide assistance in connection with the processing of that consumer data.

The CCPA officially goes into effect on January 1, 2020, and, given its broad scope and applicability, US businesses should begin taking the necessary steps to ensure that they are in full compliance with its various provisions. In order to do so, affected businesses must, among other things, overhaul their online privacy policies to ensure that they include the requisite disclosures and consumer options.

What Changes Should I Make to My Privacy Policy So that It Complies with the California Consumer Privacy Act?

Key Privacy Policy Requirements Established by the CCPA

Passage of the CCPA stems from an evolving regime of laws in Europe, the United States and other parts of the world that seek to provide consumers with more information about, rights in, and control over, uses of their personal data. In pursuit of those goals, the CCPA requires online privacy policies to include certain disclosures. Below is a partial list of the disclosures that businesses must include in their respective privacy policies in order to comply with the CCPA:

  • Businesses must disclose what categories and specific items of personal information are collected about California consumers;
  • Businesses must disclose what sources they used to collect the applicable personal information;
  • Businesses must disclose the commercial or business purpose for which the personal information was collected;
  • Businesses must disclose the categories of personal information that will be shared with third parties, as well as the categories of third parties with whom such personal information will be shared;
  • Businesses must provide consumers with a description of their various rights provided by the CCPA; and
  • Businesses must ensure that their respective privacy policies contain a mechanism for consumers to opt out of having their personal information sold or disclosed to third parties.

Liability Under the CCPA

If found liable for violating the CCPA, including for having a non-CCPA compliant privacy policy, businesses can be fined up to Seven Thousand Five Hundred Dollars ($7,500.00) for each intentional violation, in addition to other remedies sought by the California State Attorney General.  While the CCPA does not go into effect until January 1, 2020, given the complexity involved in ensuring full compliance with the law, it is essential that businesses consult with experienced counsel now to ensure that privacy policies are CCPA-compliant.


The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.