California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act of 2018 (CCPA) provides California residents the right to know what personal information businesses collect about them, the purpose of collecting this data, and with whom they share it.
- enacted in 2018
- enforced by California AG
- the CCPA regulations provide guidance on how to implement the law
Who Needs to Comply?
- businesses that meet the any of the following:
- Have gross annual revenues in excess of $25 million
- Buy, receive, or sell the personal information of 50,000 or more consumers, households, or devices
- Derive 50% or more of their annual revenues from selling consumers’ personal information
Requirements
- must provide notice to consumers of their rights and how to exercise those rights before it collects data
Afforded Rights
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale or sharing of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
- The right to correct inaccurate personal information that a business has about them; and
- The right to limit the use and disclosure of sensitive personal information collected about them.
- these rights are similar to those found in the General Data Protection Regulation (GDPR)
Penalties
- allows for civil penalties
- $2,500 for each violation
- or $7,500 for each intentional violation
- penalties can only be imposed after a business receives notice of the violation
- has 30 days to correct the violation