What changes will companies nationwide need to make before 2020 to comply with the new California Consumer Protection Act?
May 1, 2019
The consumer privacy space is constantly changing, and now companies have a new set of consumer privacy regulations with which they must comply. This new regulation is called the California Consumer Protection Act of 2018 (the “CCPA”). The CCPA is somewhat analogous to the European Union’s General Data Protection Regulation (the “GDPR”), but also has important differences.
Like the GDPR, the CCPA focuses on consumer data and requires companies to be transparent in how they collect, share, and use such data. Most notably, the CCPA takes a broader view of what constitutes personal information.
The CCPA goes into effect January 1, 2020. As a legal matter, it only applies to companies operating in California; but as a practical matter, it will have nationwide effect. Many companies will be subject to the CCPA by virtue of having California residents among their customers. Therefore, because it is difficult to offer a different website tailored specifically to residents of a certain state, many companies will need to make sure their privacy disclosures, policies, and websites are up to date and comply with the CCPA.
Companies need to make sure they are proactively disclosing the following information to Consumers:
- the existence and nature of Consumers’ rights under the CCPA;
- the categories of Personal Information being collected;
- the purposes for which Personal Information is collected; and
- the categories of Personal Information that it sold or disclosed to the third parties and the categories of third parties to whom that information is being disclosed.
Additionally, service level agreements with third parties may need to be revised.
Click the PDF below for a full analysis of the CCPA and steps you can take now to be compliant by 2020.