By: Nishita Patel
In June 2018, the State of California enacted the California Consumer Privacy Act of 2018 (CCPA). The law grants consumers new rights on their personal information, and it imposes data protection duties on certain businesses. Impacted businesses should act now to ensure they comply with CCPA by the effective date of January 1, 2020.
Under the CCPA, California residents and employees have the right to:
The CCPA defines personal information broadly to include different categories of information that can indirectly identify a person, including but not limited to aliases, unique personal identifiers, credit card details, social security numbers, email addresses, internet browsing and search history, geolocation data, and more.
The CCPA applies to entities that do business in California and collect personal information from California consumers. In addition, they must have one of the following traits to be subject to CCPA regulations:
Entities that control or are controlled by a business that meets the above requirements must also comply with CCPA if they share common branding with the entity.
Companies should begin compliance planning now for CCPA by examining:
Many businesses will need to develop new processes related to consumer data. In a post-CCPA world, business processes must address the following:
Businesses should consult with an experienced California attorney to develop CCPA-compliant processes.
Under CCPA, individuals may recover damages for unauthorized access to their personal information, even if there is no harm. Damages can range between $100 to $750 per consumer per incident, or actual damages.
California’s Attorney General can also bring a civil action for CCPA violations. In this case, companies may be liable for civil penalties for each violation. The California Attorney General must give the offending entity notice of the alleged violation and at least 30 days to fix the problem. If the company does not fix the violation, the California Attorney General may seek civil penalties of up to:
Businesses that operate in California and are subject to CCPA should take steps to ensure they comply with the CCPA requirements by January 1, 2020. Contact an experienced Chugh, LLP attorney today to develop a compliance plan for your company.
© 2024 Chugh LLP Affiliate Network. All Rights Reserved