New Privacy Rights Are On the Way: What Your Marketing and Human Resources Departments Need to Know

Teaser: The California Consumer Protection Act (CCPA) becomes effective January 1, 2020. Failure to comply with this Act risks regulatory and private action including fines of $2,500 per violation. The Act defines a consumer as a California resident, which includes your employees. We recommend a five-step plan for your business.

The California Consumer Protection Act (CCPA) becomes effective January 1, 2020. The information below is a simplified overview of the law. It provides you with a checklist of actions to take now so that you comply with the law.

First, the Act defines a consumer as a California resident, which includes your employees.

Second, the Act seeks to protect all personal information collected by a company or software program regarding a consumer. Personal information includes, at minimum, any data collected that can be uniquely linked to a person. In the case of your employees, personal information is a social security number, employment history, and a person’s name. In the case of your customers, personal information includes, at least, records of personal property, device numbers, and purchasing history.

Third, the Act applies to all businesses that collect personal information in California and that:

  • Generate gross revenues over $25 million,
  • Alone or in combination, annually purchase, receive, sell, or share the personal information of 50,000 consumers, households, or devices, or
  • Derive more than 50% of their annual revenues from selling personal information.

The purpose of this new law is two-fold:

  1. Codify the rights of consumers as to the use and storage of their personal information, and
  2. Require data collectors to increase their security measures to prevent breaches.

It is important that businesses create a data privacy implementation plan that complies with the Act. This includes:

  • Mechanisms for providing consumers, at or before the point of data collection (e.g. making an order, or onboarding an employee), with a description of what information will be collected, how that information may be used, and the identification of any third parties using the information collected,
  • Information about the consumer’s rights including:
    • The right to the information collected,
    • Copies of the information collected,
    • The right to request deletion of the information collected,
    • The consumer’s ability to opt in or out of the sale of the information collected,
    • Whether financial incentives are provided by your business or the third parties you may contract with regarding the information collected,
  • Mechanisms for annually auditing these policies,
  • Mechanisms for submitting requests to exercise rights (the bullets above) via a telephone number or website address, and
  • A link to a Do Not Sell policy that consumers can take advantage of when exercising their rights.

When a consumer submits a request to exercise any or all of their rights as listed above, the business needs to:

  • Verify the identity of the consumer making the request,
  • Deliver the information requested free of charge via mail or electronically, and
  • Deliver the information requested within 45 days of the request.

You are not required to do this more than twice in a 12-month period per consumer.

Failure to comply with this Act risks regulatory and private action. The State Attorney General’s office has established fines of up to $2,500 per violation and up to $7,500 per violation if the violation is deemed intentional. In addition, the Act provides consumers with individual rights, outside of what the State’s office may bring, to sue in court.

So, we recommend at least the following next steps:

  1. Review your existing security policies and procedures to see if they comply with the Act effective Jan. 1, 2020,
  2. Draft updates to these policies as necessary,
  3. Send us a draft of these policies to assist you in compliance,
  4. Begin educating the customer-facing employees, as well as those specific employees who focus on or work with employee personal information, about the Act and your compliance measures, and
  5. Annually review these policies.

Note that the law is likely to be amended, and as courts interpret the law over time, you may have ongoing compliance requirements. Additionally, we will watch the State Attorney General’s office for guidance documents on how businesses can comply with the law.

We at Garcia & Gurney are happy to assist you and can be reached at (925) 468-0400. Contact our office in Pleasanton, CA today.

Disclaimer: The contents of this article should not be construed as legal advice. This article is not an exhaustive list of issues that may arise in the operations of a business. Businesses should seek the assistance of an attorney who will analyze multiple factors unique to each kind and size of business.
