Following on the heels of the General Data Protection Regulation (GDPR) that went into effect in Europe and impacted all businesses that collect data on European customers, California passed similar regulations this past summer. On June 28, 2018, the California Legislature passed Assembly Bill 375 which enacted the California Consumer Privacy Act of 2018 (CCPA).
This new legislation gives consumers, who reside in California, the right to see any and all information businesses collect about them. It also gives consumers a say in how that information is used, shared, stored, and deleted.
Requirements and Impact of California Consumer Privacy Act
The new privacy act impacts any businesses doing business in California if they meet the following three criteria:
- They have an annual revenue of $25million or more.
- They have obtained personal customer information from 50,000 or more California residents.
- They are deriving at least 50 percent or more of their annual revenue from selling personal information on California residents.
Businesses that meet the criteria outlined by the California Consumer Privacy Act have until January 1, 2020, to establish procedures that comply with the new regulations. As is the same with the GDPR, those failing to comply with the CCPA will face steep penalties per each violation.
It’s pretty much a given, at this point, that we are likely to see more and more states implementing similar policies which will, no doubt, begin to impact a larger portion of US businesses with digital marketing, online sales, and consumer information practices.