The California Consumer Privacy Act (“CCPA”) will go into effect on January 1, 2020. Does that mean anything to anyone reading this blog?
This law was created to protect the personal information of California consumers from being sold by the companies that have access to this information, and its implications are discussed in this Forbes.com article. Similar privacy acts are under consideration in several other states including Massachusetts and Hawaii, so I think it is safe to say that this is not going away. I think most of us as consumers think this is a great idea in light of the many data breaches that have occurred in the last few years from Equifax to Whatsapp and everything in between. In addition, while some people find it helpful to have suggestions appear for items to purchase based on your prior searches (remarketing), others feel like Big Brother is watching and was not invited!
All businesses which are for-profit and collect and process information on California residents, conduct business in California and meet one of the following criteria will be impacted:
-have over $25 million in annual gross revenues
-annually buys or sells personal information of 50,000 consumers, households or devices
-derives more than 50% of its annual revenue from selling consumers’ personal information
These businesses will be required to get permission from consumers that they will be using or selling their personal information and must have “do not sell my personal information” link on their website homepage that will allow consumers to easily opt out. They must also delete any personal information that they have stored upon a valid consumer request and could face fines of up to $7500 for non-compliance on each violation.
Another component of this act is its definition of personal information. The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household.”[1]
My wife works in privacy and has indicated that there are several amendments that are being considered including an amendment that specifically addresses loyalty programs and how they will be impacted (or not) by this new law. I will have a subsequent post when and if loyalty programs are specifically addressed in the future. There is also a lot of conjecture as far as what exactly will be enacted and when it will be enforceable, but regardless of whether you are on the business side of this or the consumer side, it should probably be on your radar screen.
This public service announcement has been brought to you by
me.
[1] This seems a bit too broad to me, and maybe it is purposely written so, but in my mind, this applies to items like Social Security number, phone number, etc.