California’s Now Protecting Its Consumer’s Data; Should You and Your Business Be Concerned?

Privacy is a growing issue in our ever-evolving digital world. We’re always told to be wary of giving out too much information, keeping our passwords strong and secure and updating them frequently, as well as never clicking on suspicious links, and only purchasing from trusted sites. 

Increasingly, reputable companies and banks fall prey to security breaches, throwing consumers in a state of panic, wondering if their private data was exposed to potential fraud and misuse, and questioning if anything is safe anymore. 

The State of California has been cracking down on its consumer’s protection in the past couple of years and starting on January 1st, 2020, the most rigorous privacy law, the California Consumer Protection Act went into effect. This law allows residents of the state unprecedented measures to ensure that their personal information is kept private. The CCPA gives the ability to the consumer to contact companies that operate within the state to disclose what information is collected on them, to request the deletion of their personal data from the company’s database, and to provide a clear “do not sell” link on the company’s website, prohibiting the company to sell that consumer’s data. Consumers are also protected from discrimination or unequal treatment from the company if they contact them to delete their data. There will be a grace period of 6 months for businesses operating in California to update their websites with “opt-out” links, to clearly disclose what information will be collected and/or shared and to treat consumer’s requests before any legal penalties are issued.

For now, the types of businesses affected are those with an annual gross revenue of $25m or more, or those that receive 50% or more of their annual revenue by selling consumer’s personal data, or buy/sell/get/share personal information from 50,000 or more sources, consumers or households annually. For example, businesses like Facebook or Google would fall into this category, but not-for-profits are also implicated. There is a loophole for businesses, as they may offer financial incentives to collect personal data from consumers as long as this is clearly disclosed. 

There are similar laws in Europe which blanket all businesses and companies that handle consumer’s private data and require parental consent of any information stored on children under the age of 16. The CCPA however, only requires parental consent for children 13 or younger.

While this is a step in the right direction for consumers in the state of California looking to take control of their personal data, it may prove to be tough to regulate and manage, especially for businesses operating nationwide, with privacy laws that vary from state to state. While a similar nationwide law is years away from passing, consider the CCPA as a great first step for consumers to take control of their personal information.