Other Regulatory Matters - First Quarter 2020

The California Consumer Privacy Act (CCPA), effective since January 1, 2020, creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses.

The CCPA grants California consumers the following rights: to know what personal information is being collected, used, shared or sold; to delete personal information held by business their service provider; to opt out of sale of personal information; and to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.

Businesses are subject to CCPA if one or more of the following are true: the business has gross annual revenue in excess of $25 million; the business buys, receives or sells the personal information of 50,000 or more consumers, households or devices; or if the business derives 50% or more of annual revenues from selling consumers’ personal information.

The following are new business obligations the CCPA imposes: businesses subject to the CCPA must provide notice to consumers at or before data collection; businesses must respond to requests from consumers to know, delete and opt-out within specific timeframes; businesses must verify the identity of consumers who make requests to know and to delete, whether or not the consumer maintains a password-protected account with the business; businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information; and businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.

Read more here.