Thu, Dec 26, 2019

The California Consumer Privacy In Effect as of January 1, 2020

The California Consumer Privacy Act (CCPA) is arguably one of the most comprehensive data privacy laws to be enacted in the United States to date.

Companies that conduct business in the state of California and meet any of the following three criteria are subject to the CCPA:

  1. Total corporate revenues exceed $25 million a year;
  2. At least half their annual revenue is from selling consumers’ personal information; or
  3. If personal data of at least 50,000 households are bought or sold within a year.

Under the CCPA, California consumers have new rights and companies have new responsibilities. It is important to note that consumers do not need to have a business or transactional relationship with the company to exercise their rights. The following summarizes the main rights provided to consumers under the CCPA:

  1. Consumers can request that companies provide all information collected about them, free of charge, up to twice a year. 
  2. Consumers can request that companies delete any information they have collected from them. It is noted that there are certain circumstances where companies are not required to honor a request to delete information, such as if the information is necessary to complete a transaction or protect against fraud.
  3. Companies that sell personally identifiable information (PII) are required to create a simple way for consumers to opt out of having their data sold, through a “recognizable and uniform” button or logo on the company’s website.
  4. Consumers are allowed to sue companies that allow PII to be accessed or stolen through a data breach.

Firms subject to the CCPA should seek legal advice to determine what changes need to be implemented in order to comply with their new responsibilities. Most firms will need to update their websites and privacy policies to adhere to the disclosure requirements and firms should consider creating policies and procedures properly handle consumer requests under the CCPA.  

For additional information on the CCPA please also see our other related articles:


Stay Ahead with Kroll

Financial Services Compliance and Regulation

Financial Services Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate, drive efficiencies and remediate operational, legal, compliance and regulatory risk.

U.S. Compliance Services

U.S. Compliance Services

Comprehensive support for asset managers registering in the U.S.

Investment Adviser Services

Investment Adviser Services

Our extensive experience includes setting up advisory firms and assisting with initial registration, as well as a wide span of ongoing compliance support services.

SEC Registration

SEC Registration

Kroll has an experienced team in the U.S. and other global jurisdictions who has helped firms to become SEC registered and advised on exemption requirements.

SEC Mock Examination Services

SEC Mock Examination Services

We have devised a methodical approach to preparing for and navigating any SEC examination.

Return to top