California’s New Sweeping Privacy Law is Effective January 1, 2020
Now is the Time to Get Compliant.
California passed what many describe as the most sweeping and comprehensive consumer privacy law in the county. The law is called the California Consumer Privacy Act (the "CCPA" for short), and it becomes effective January 1, 2020.
For many businesses, getting compliant with this law is time-consuming and labor-intensive, and for that reason businesses need to start on their compliance efforts now in order to make certain they are compliant by the deadline.
The first thing businesses must ask is whether the law even applies to them. The law states that it applies to businesses:
- That have annual gross revenues over $25 million; or
- That annually buy or receive the personal information of 50,000 or more California residents; or
- That derive 50% or more of their annual revenue from selling consumers’ personal information, which includes renting, transferring, making available, or disclosing consumers’ personal information.
After making this key decision, the next step is to create or revise website consent language, in order to obtain consent from consumers for all types of data collected and the uses for such data. If a business is not the entity that originally collected the consumer information, then a business much analyze whether this data may be used or even stored.
Business must also prepare to permit California consumers to exercise their rights to confirm what personal information of theirs a business maintains, and to demand that a business delete personal information of the consumer. This preparation involves developing new internal business processes, training staff, and putting agreements and procedures in place with third-party clients, service providers, and other vendors to ensure such requests are honored in a compliant manner. The business must also provide at least two methods for the consumer to contact the business and exercise such requests, and the requirements of such methods differ for online-only businesses.
The CCPA and the written guidelines from the California Attorney General about the CCPA are dense and complex. Fortunately, Kronenberger Rosenfeld can help your business get compliant with the CCPA by helping you do your data-mapping, draft website disclosures and edits to privacy policies, and provide guidelines for staff training. We also offer fixed fees for our CCPA legal services.
If you need assistance getting compliant with the CCPA, contact one the firm’s attorneys or email us at [email protected].
This entry was posted on Friday, November 08, 2019 and is filed under General News & Firm Announcements, Internet Law News.