Teaser: The California Consumer Protection Act (CCPA) becomes effective January 1, 2020. Failure to comply with this Act risks regulatory and private action including fines of $2,500 per violation. The Act defines a consumer as a California resident, which includes your employees. We recommend a five-step plan for your business.
The California Consumer Protection Act (CCPA) becomes effective January 1, 2020. The information below is a simplified overview of the law. It provides you with a checklist of actions to take now so that you comply with the law.
First, the Act defines a consumer as a California resident, which includes your employees.
Second, the Act seeks to protect all personal information collected by a company or software program regarding a consumer. Personal information includes, at minimum, any data collected that can be uniquely linked to a person. In the case of your employees, personal information is a social security number, employment history, and a person’s name. In the case of your customers, personal information includes, at least, records of personal property, device numbers, and purchasing history.
Third, the Act applies to all businesses that collect personal information in California which:
The purpose of this new law is two-fold:
It is important that businesses create a data privacy implementation plan that complies with the Act. This includes:
When a consumer submits a request to exercise any or all their rights as listed above, business need to:
You are not required to do this more than twice in a 12-month period per consumer.
Failure to comply with this Act risks regulatory and private action. The State Attorney General’s office has established fines of up to $2,500 per violation and up to $7,500 per violation if the violation is deemed intentional. In addition, the Act provides consumers with individual rights, outside of what the State’s office may bring, to sue in court.
So, we recommend at least the following next steps:
Note that the law is likely to be amended and as courts interpret the law overtime, you may have ongoing compliance requirements. Additionally, we will watch the State Attorney General’s office for guidance documents on how businesses can comply with the law.
We at Garcia & Gurney are happy to assist you and can be reached at (925) 468-0400. Contact our office in Pleasanton, CA today.
Disclaimer: The contents of this article should not be construed as legal advice. This article is not an exhaustive list of issues that may arise in the operations of a business. Businesses should seek the assistance of an attorney who will analyze multiple factors unique to each kind and size of business.