California Consumer Privacy Act (CCPA) set to go into effect 1 January 2020 New
By
29 November 2019

Eight other US states have similar privacy legislation in the pipeline

Subscribe to my blog

Share This Article


Source: David|29 November 2019

The California Consumer Privacy Act (CCPA) scheduled to become effective 1 January 2020 gives California consumers new rights with regard to their personal information.

Although the CCVPA is still a work in progress, it's known that specific rights of consumers under CCPA will include the rights to:

  • Know what personal information is collected, used, shared or sold
  • Delete personal information held by businesses and their service providers
  • Opt out of the sale of personal information, except that children under age 16 must opt in
  • Not be discriminated against in price or service as a result of exercising privacy rights under CCPA

The CCPA will apply to businesses that meet one or more of these criteria:

  • Gross annual revenues > $25M
  • Buy, receive or sell the personal information of 50K or more "consumers, households or devices"
  • Derive 50% or more of annual revenues from the sale of consumers' personal information

New obligations of such businesses under CCPA are:

  • Provide notice to consumers before collecting data
  • Create procedures for consumers to "opt-out, know and delete", including a "Do Not Sell My Info" link on websites and apps
  • Respond to consumer requests to know, delete, opt-out within specific timeframes
  • Verify the identity of consumers who request to know or delete
  • Disclose financial incentives offered for retention or sale of personal information
  • Maintain records of consumer requests
  • Disclose privacy practices in a comprehensive privacy policy

Penalties for CCPA non-compliance can reach $7500 per affected customer.

How CCPA is different from the EU GDPR:

  • CCPA is focused on allowing consumers to opt out of the sale of their data. Absent opt-out, publishers will be able to sell consumers' data.
  • CCPA doesn't require getting consumers' permission to use their data fior ad targeting.
  • CCPA doesn't cover location data providers, or emerging data-collection tools like Internet-connected TVs or smart cars or appliances

The Interactive Advertising Bureau (IAB) is drafting a CCPA Transparency and Consent Framework for Publishers and Technology Companies that includes a master contract for publishers' supply-chain partners, along with technical specs. The IAB framework will continue to evolve until California officials have firmed up the CCPA itself

And this is just the beginning.

In June, Maine legislators passed An Act To Protect the Privacy of Online Customer Information which prohibits broadband ISPs from using, disclosing, selling, or giving access to almost every category of information flowing from a consumer's use of Internet service.

New privacy regulations are under development by other US states including Hawaii, Maryland, Massachusetts, Mississippi, New Mexico, New York, North Dakota and Rhode Island.

What consumer personal information does your company have? Better find out and start developing systems for complying with rules like those in the CCPA.


If you found this article helpful and would like to see more like it, please share it via the Share This Article link at the top of the page.

And if you have questions or comments, you can easily send them to me with the Quick Reply form, below, or send me an e-mail.


David Boggs    - David
  David@DavidHBoggs.com
View David Boggs's profile on LinkedIn

Google Certifications - David H Boggs
Subscribe to my blog

   
   
Website
Visit Website
Rating
4/5 based on 1 votes.
Show Individual Votes
Tags , , , ,
Related Listings
External Article: https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf


E-mail:
Quick Reply
Name:
E-mail:
Subscribe to my blog:
Your Comment:


You may use BB Codes in your message.
Spam Prevention:


Members currently reading this thread:

Next Article