California to Pass New Privacy Law: CA Consumer Privacy Act
A major new consumer privacy law is coming to California as California Democrats and the leadership behind the California Consumer Privacy Act have a tentative agreement to avoid a November ballot initiative on privacy.
If the California Legislature passes the agreed on privacy law and that bill is signed by California Governor Jerry Brown in the next week, the California Consumer Privacy Act will be withdrawn from the November ballot. The final ballot for November must be set on June 28th, necessitating the speedy passage of the new privacy law to avoid putting it up for a vote. The privacy law, according to many reports, had more than enough signatures to make a spot on the ballot likely before the agreement was reached.
Assembly Bill 375 has been amended to contain the new privacy bill. If passed, the law would go into effect on January 1, 2020.
The law is intended to give residents of California the following rights:
– The right to know what personal information is collected about them.
– The right to know whether their personal information is sold or disclosed and to whom.
– The right of Californians to say no to the sale of personal information.
– The right to access their personal information at businesses.
– The right to equal service and price even if they exercise their privacy rights.
It applies to organizations doing business in the State of California that either (a) have annual gross revenues in excess of $25 million, (b) handles the personal information of at least 50,000 consumers or devices, or (c) derive 50 percent or more in annual revenue from selling consumers’ personal information.
Personal information includes real name, postal address, IP address, email address, social security number, driver’s license number, biometric information, browsing history, search history, geolocation data, commercial information (such as records of purchasing personal property or services), employment information, certain education information, and inferences drawn from any of this information. Personal information does not include publicly made available information lawfully available from federal, state or local government records.
Specifically, the California Consumer Privacy Act provides for:
– Businesses must inform consumers of the categories of personal information collected and the purposes it will be used at or before the point of collection.
– Consumers have the right to tell a business not to sell their personal information (“opt-out”). Businesses may not sell the personal information of a consumer less than 16 years of age unless there has been an “opt in”.
– Consumers can request disclosure of the categories and specific pieces of personal information a business has collected, as well as the categories of personal information sold and the categories of third parties to whom the personal information was sold.
– Consumers have the right to request a business delete any personal information collected.
Most violations of the law would be enforced by the CA Attorney General with an exception for consumer lawsuits in any data breach that the AG declined to take to court.
Here is the current version of the proposed bill.
June 28, 2018 Update:
The law has passed. Learn more about California’s new law in our overview of the California Consumer Privacy Act
Other Blog Posts on the California Consumer Privacy Act:
PWC Survey on CCPA: Enterprise Compliance Expected at 52% by January 1, 2020
California Adopts SB-1121 Amendments to Consumer Privacy Act
SB 1121 to Amend California Consumer Privacy Act Soon
California AG Objects to 5 Sections of CCPA Privacy Law
SB 1121 Won’t Make Substantive Changes to New California Privacy Law
SB 1121 Amendments Kickoff Debate Over California Consumer Privacy Act Changes
Expect AG to Issue California Privacy Regulations in June 2019
Will California’s Privacy Law Extend to the Rest of the Country?
Big Day for California Privacy Law
Contact Clarip for Help with Your Privacy Program
The Clarip data privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping software, need privacy impact assessment software, or looking to meet ePrivacy requirements with cookie consent manager, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.