The California Consumer Privacy Act (CCPA)
Toll Free Call
Advocating for Privacy
NEW CALIFORNIA LAW GIVES CONTROL OF PERSONAL INFORMATION BACK TO CONSUMERS
The CCPA gives every Californian the right to demand a full accounting of the information a company has compiled about them, as well as full transparency as to any third parties with whom that company may be sharing that data. In addition, the California law allows consumers to sue companies if there is a data breach in certain situations.
The CCPA applies to any company that serves Californian consumers and 1) has annual revenues of $25 million, or 2) keeps personal data on at least 50,000 people, or 3) collects more than half of their revenues from the sale of personal data. Companies don’t have to be based in California or have a physical presence to be subject to the CCPA.
Under the new law, companies doing business in California must have a clearly visible footer on websites offering consumers the option to opt out of data sharing.
The CCPA also assigns specific penalties if any unauthorized access to personal information occurs as a result of the company’s negligence and goes uncured:
- social security, driver’s license, or California identification card number;
- account, credit card, or debit card number, in combination with a code or password; or
- medical or health insurance information.
The CCPA allows for penalties ranging between $100 and $750 per consumer per incident, or actual damages if greater, depending on “the nature and seriousness of the misconduct, the number of violations, the persistence of the misconduct, the length of time over which the misconduct occurred, the willfulness of the defendant’s misconduct, and the defendant’s assets, liabilities, and net worth.” Cal. Civ. Code § 1798.150(a)(2).