California Consumer Privacy Act

The California Consumer Privacy Act is set to go into effect on January 1, 2020. The CCPA, similar in nature to GDPR, will provide California residents with new consumer data rights.

January 4, 2020

The California Consumer Privacy Act (“CCPA”) data rights include, but are not limited to, the following:

CCPA will only apply to businesses that meet one or more of these three criteria:

  1. have annual revenues greater than $25 million USD,
  2. businesses that buy / receive / sell personal information of 50k+ consumers, or
  3. businesses that derive 50% or more of annual revenues from selling consumers’ personal information

CCPA exempt businesses include HIPAA-compliant health insurers and providers, certain financial institutions, and credit reporting agencies.

The expected fine per unintentional and intentional violation is $2,500 and $7,500, respectively. Fines make sense, but I hope that the California Department of Justice can establish clear reporting and audit requirements to enforce these new regulations.