- CCPA will give consumers more control over how companies collect and manage their personal data.
- The CCPA applies to firms that collect California’s residents’ personal information or do business in California.
California’s attorney general has announced the proposed regulations for the California Consumer Privacy Act (CCPA), which goes into effect in January 2020. One of the most stringent data privacy law, CCPA will give consumers more control over how companies collect and manage their personal data.
Although the Act will take effect in the state on January 1, it will provide a further six months’ grace period before enforcement of the law actually begins.
To which firms does the Act apply?
The CCPA applies to firms that collect California’s residents’ personal information or do business in California. These include:
- Having annual gross revenue of over $25 million;
- Receiving or disclosing the personal information of 50,000 or more customers, household or devices per year;
- Deriving 50% or more of their annual revenues by selling the personal information of California residents.
The proposed regulations focus on five key areas:
- The process for handling various types of request;
- How to verify identities;
- Rules regarding minors; and
- Considerations related to the calculation of the value of consumer data.
Here is the full list of new laws added under the CCPA:
- Partial exemption for certain B2B communications or transactions that are involved in collecting consumer information. This includes employee, owner, director, officer or contractor of a business or government agency. However, this exemption expires after one year, at which point business will be covered by CCPA.
- Data brokers are required to register with the California Attorney General.
- The CCPA does not cover the collection of personal information from job applicants, employees, business owners, directors, officers, medical staff, or contractors for one year.
- The proposed regulation also streamlines the definition of ‘publicly available’ by indicating that the information is lawfully made available from federal, state, or local government records.
- The CCPA has also been revised to include more personal information in the event of a data breach. The new provision includes biometric data, tax identification numbers, passport numbers, military identification numbers, and unique identification numbers issued on a government document, driver’s licenses and California identification cards.