California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them and the CCPA regulations provide guidance on how to implement the law. This landmark law secures new privacy rights for California consumers, including:
The right to know about the personal information a business collects about them and how it is used and shared;
The right to delete personal information collected from them (with some exceptions);
The right to opt-out of the sale of their personal information; and
The right to non-discrimination for exercising their CCPA rights.
Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
Is Complying with CCPA Mandatory?
The CCPA applies to for-profit businesses that do business in California and meet any of the following:
Have a gross annual revenue of over $25 million;
Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
Derive 50% or more of their annual revenue from selling California residents’ personal information.
What are the penalties for not complying with CCPA?
You can sue a business if your nonencrypted and nonredacted personal information was stolen in a data breach as a result of the business’s failure to maintain reasonable security procedures and practices to protect it. If this happens, you can sue for the amount of monetary damages you actually suffered from the breach or “statutory damages” of up to $750 per incident.