Following the European Union’s lead, California passed a law that gives its residents some of the strongest data-privacy protections in the world. Even though this legislation is not as far-reaching as EU’s General Data Protection Regulation (GDPR), businesses need to know about it. By looking at the 5 Ws — what, who, why, when, and where — you can get a good idea of what this law is all about.

What Legislation Was Passed?

In June 2018, the California State Legislature passed Assembly Bill (AB) 375, which is also known as the California Consumer Privacy Act (CCPA). This legislation provides California residents with consumer privacy rights so that they will have more control over their personal data and more protection against data breaches. In general, CCPA gives residents:

  • The right to know the types of personal information that companies are collecting about them
  • The right to know to whom their personal data is being sold or disclosed
  • The right to tell businesses not to sell or share their personal information
  • The right to hold businesses accountable for safeguarding their personal data

California’s attorney general will be responsible for enforcing CCPA and will have the power to fine non-compliant businesses. In addition, CCPA will make it easier for consumers to sue companies if their personal data is stolen in a data breach.

Who Will Be Affected by CCPA?

The residents of California will be affected by CCPA. Large companies will also be affected, but they do not necessarily have to be located in California.

Large companies will be required to comply with CCPA if they collect or sell Californian’s personal data, no matter where the business is located (e.g., a different state or country). Small and mid-sized companies do not have to comply at this time. However, any-sized data broker whose entire business model revolves around the sale of consumers’ personal data must comply.

Why Is It Important for All Businesses to Know about CCPA?

All businesses, no matter their size or location, should be familiar with CCPA for several reasons. For starters, this law might lead to others like it. The CCPA initiative started as a grassroots movement among California citizens. Encouraged by their success, citizens in other states might try to get similar legislation passed. CCPA provides a roadmap on how to do so.

Secondly, there might eventually be a push to expand CCPA’s scope so that all businesses (not just large ones) must comply with it. GDPR serves as an important precedence in this regard. All businesses that process or hold the personal data of EU citizens must adhere to it.

When Does CCPA Take Effect?

Although the legislation has been passed, it won’t go into effect until January 1, 2020. This delay will give businesses time to comply with it. Plus, it will allow time for any necessary amendments to be made.

Where Is There More Information about CCPA?

If you would like more information about CCPA, the best place to start is the California Consumer Privacy Act website. It includes many resources, including “Facts” and “Updates” pages. You can also check out the “California’s Data Privacy Law: What It Is and How to Comply (A Step-By-Step Guide)” as well as AB 375.