California Consumer Privacy Act (CCPA) set to go into effect 1 January 2020

California Consumer Privacy Act (CCPA) set to go into effect 1 January 2020
By
29 November 2019

Eight other US states have similar privacy legislation in the pipeline

The California Consumer Privacy Act (CCPA) scheduled to become effective 1 January 2020 gives California consumers new rights with regard to their personal information.

Although the CCVPA is still a work in progress, it's known that specific rights of consumers under CCPA will include the rights to:

  • Know what personal information is collected, used, shared or sold
  • Delete personal information held by businesses and their service providers
  • Opt out of the sale of personal information, except that children under age 16 must opt in
  • Not be discriminated against in price or service as a result of exercising privacy rights under CCPA

The CCPA will apply to businesses that meet one or more of these criteria:

  • Gross annual revenues > $25M
  • Buy, receive or sell the personal information of 50K or more "consumers, households or devices"
  • Derive 50% or more of annual revenues from the sale of consumers' personal information

New obligations of such businesses under CCPA are:

  • Provide notice to consumers before collecting data
  • Create procedures for consumers to "opt-out, know and delete", including a "Do Not Sell My Info" link on websites and apps
  • Respond to consumer requests to know, delete, opt-out within specific timeframes
  • Verify the identity of consumers who request to know or delete
  • Disclose financial incentives offered for retention or sale of personal information
  • Maintain records of consumer requests
  • Disclose privacy practices in a comprehensive privacy policy

Penalties for CCPA non-compliance can reach $7500 per affected customer.

How CCPA is different from the EU GDPR:

  • CCPA is focused on allowing consumers to opt out of the sale of their data. Absent opt-out, publishers will be able to sell consumers' data.
  • CCPA doesn't require getting consumers' permission to use their data fior ad targeting.
  • CCPA doesn't cover location data providers, or emerging data-collection tools like Internet-connected TVs or smart cars or appliances

The Interactive Advertising Bureau (IAB) is drafting a CCPA Transparency and Consent Framework for Publishers and Technology Companies that includes a master contract for publishers' supply-chain partners, along with technical specs. The IAB framework will continue to evolve until California officials have firmed up the CCPA itself

And this is just the beginning.

In June, Maine legislators passed An Act To Protect the Privacy of Online Customer Information which prohibits broadband ISPs from using, disclosing, selling, or giving access to almost every category of information flowing from a consumer's use of Internet service.

New privacy regulations are under development by other US states including Hawaii, Maryland, Massachusetts, Mississippi, New Mexico, New York, North Dakota and Rhode Island.

What consumer personal information does your company have? Better find out and start developing systems for complying with rules like those in the CCPA.


And if you have questions or comments, you can easily send them to me with the Quick Reply form, below, or send me an e-mail.


David Boggs    - David
David@DavidHBoggs.com
View David Boggs's profile on LinkedIn

Google Certifications - David H Boggs
View my profile on Quora
Subscribe to my blog

External Article: https://oag.ca.gov/system/files/attachments/press_releases/CCPA%20Fact%20Sheet%20%2800000002%29.pdf


Subhead Eight other US states have similar privacy legislation in the pipeline
Website
Visit Website
Rating
4/5 based on 1 vote.
Show Individual Votes
Related Listings

Sorry, you don't have permission to post comments. Log in, or register if you haven't yet.

Please login or register.

Members currently reading this thread: