What Is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) was enacted on June 28, 2018 and went into effect in 2020. The law is aimed at protecting the privacy of consumers in California by granting them certain rights over their personal data. Under the CCPA, businesses must provide clear notice to consumers when collecting their data, inform them of the categories of personal information being collected and sold, respond to any consumer requests regarding their data and refrain from discriminating against customers who exercise these rights. 

In addition to providing consumers with more control over their data, the CCPA requires businesses to implement reasonable security measures that protect personal information from unauthorized access or use. Businesses must also delete a consumer’s personal information upon request as well as comply with the regulations if they collect personal information from minors.

Marketing to consumers via email requires compliance with California’s CCPA, which protects a consumer’s right to:

• Know how their data is used
• Request for deletion of their data
• Opt-out of email marketing
• Not be discriminated for exercising these rights

 Consumers have the right to know:

• Sources of data collection
• Categories of personal data collected
• How the business uses the collected data
• Whether the data is shared with third parties. 

The CCPA also requires businesses to provide an opt-out option, so consumers can tell companies not to sell their personal data. Companies must respond within 45 days of receiving a consumer’s request and provide them with information about how it uses their data and whether or not it sold it. Businesses must also take measures to ensure that consumers are informed of any changes made to how their personal data is used or collected. 

The business must have a simple process for consumers to submit their request for information disclosures and deletion requests. Businesses must:

• Provide at least two methods for submitting requests, including email addresses, websites, or paper forms.
• Depending on the type of business (online, physical location, both), methods must be accessible to all consumers and include:
  • A toll free number
  • A website
  • If a business is online only, an email address
• Consumers should be able to request information without creating accounts and must be able to submit requests through accounts they previously created, if applicable.

A privacy policy must provide consumers with information on how to request information. The policy must:

• Advise clients on the appropriate methods for submitting information
• The time period the business has to respond to requests (45 days, unless consumers are informed of the extension)
• Inform clients that the business has the right to confirm a consumer’s identity to effectuate the request. Any information used to verify identities must only be used for verification purposes.

When Can a Business Deny a Request? | California Consumer Privacy Act

• When the consumer’s information cannot be verified
• The request is unreasonable
  • Excessive-Making numerous requests within one year or extremely unfounded requests
  • A request would entail disclosure of sensitive information, including bank account numbers, social security numbers, etc.
  • The request would violate a compliance or legal restriction or law
  • The request falls into a CCPA exempt category

The California Attorney General has the authority to enforce all aspects of the law and has proposed certain regulations regarding the CCPA which will go into effect on July 1, 2020. While there are still some details that need to be addressed before the law is fully implemented, the CCPA provides a major step forward in protecting consumer privacy. 

For businesses that operate in California or have customers from the state, understanding and complying with the CCPA is essential to ensure consumer data is properly handled and protected. Companies should review their current policies to make sure they are up-to-date and compliant with the regulations set forth by the CCPA. Furthermore, businesses should provide consumers with information about how their personal data will be used so that customers can make an informed decision as to whether or not they wish for it to be sold or shared. By doing so, companies can create trust between them and their customers while also remaining compliant with the law. 

The implementation of the CCPA is a major step towards creating better consumer privacy protections in California and beyond. By providing consumers with more control over their data, businesses will be able to build trust and attract customers who value the security of their personal information. It is important that companies take the necessary steps to ensure they are compliant with this law to avoid any potential legal repercussions. 

Though it is still too early to tell how effective the CCPA will be in protecting consumer privacy, it is an encouraging sign that states are taking steps to improve the way companies handle personal information. With continued vigilance from both businesses and consumers alike, we can work together to create a safer online environment for all.  rokitalaw