In the current technological world, it is rare to find a company that does not collect data. Some businesses also profit financially from selling private data. In 2018, the state of California passed a new data privacy law that affects most companies across the U.S. The consumer privacy act (also known as AB 375) is the first significant data privacy law that the U.S has ever passed. The law allows Californians to:
- know what private data a company collects about them,
- know whether the company sells or discloses their data, and to whom
- Have access to their private data.
The law also allows Californians to sue any company that violates privacy guidelines, even if there is no breach. Read on to discover four facts about the new California Consumer Privacy Act.
- Affected Companies. The AB 375 affects all companies that serve California residents and have an annual revenue of at least $25 million. However, companies of any size that have personal data on at least 50,000 people must comply with the new law. Additionally, any company that collects half of its revenue from selling private information falls under the AB 375. The affected businesses do not have to be based in California to fall under the law. However, in April 2019, the law was amended to exclude insurance institutions, agents, and support organizations since they are already under similar regulation.
- Compliance Date. The new California consumer privacy law goes into effect on January 1, 2020. However, companies were expected to have their data tracking system by January 2019. This move is vital since the law allows customers to request any data that a company has collected over the last 12 months.
- Non-Compliance. If a company gets a notice of violation from the authorities, it has 30 days to comply with the law. If the company fails to comply, they will have to pay a fine of up to $7,500 per record. The law also allows customers to sue a company that violates their rights. Additionally, the law enables class-action lawsuits for damages. Again, the company has 30 days to comply with the law after the customers provide them with a written notice.
- Key Provisions. Every company must allow their customers to choose whether they should share their data with third parties. As such, businesses will have to separate the data they collect. However, a company can offer incentives to clients who allow the business to share or sell their private information. The California law also grants customers access to their records. Californians now have the right to find out the type of information that a company collects on them and decide whether the company should sell or share that data.
The new California Consumer Privacy act requires security teams to work closely with database administrators. Any tool that will be used to help deal with the law must have access to data stored across the entire corporate environment. As such, it is wise to consult with SoCalInternetLawyer.com when dealing with the new California consumer privacy act.