What You Need to Know About the CCPA’s New Data Collection Law AB 375
You may or may not have heard about the California Consumer
Privacy Act (“CCPA”) and the new bill AB 375, but it’s a topic companies should
be aware of. Thankfully, we’re here to break them down for you because legal
isn’t fun for everyone to read.
What is the
CCPA?
The California Consumer Privacy Act protects personal data of
California residents
Does the CCPA
and AB375 affect my company?
If you’re a company that serves California residents and have at
least $25 million in annual revenue, yes. Additionally, if your company has
personal data on more than 50k people or collect more than half the revenue by
the sale of personal data, yes.
When does my
company need to comply?
Now. The law went into effect on January 1, 2020.
What does AB
375 do?
It allows for Californian residents to find out what data is
collected and stored, why and with whom. It also allows them to opt out of the
sale of their data and to ask for the deletion of their data.
How does my
company comply?
Companies must allow consumers
to opt out of having their data shared with 3rd party companies and
how they go about opting out must be clear and concise on their websites. For
companies moving forward, this means they will need to separate out the data
they collect based on what consumers pick as their privacy choice. This means
that companies will have to sort and separate their lists based upon the
information that consumers allow to be shared.
Is there a
way around losing data?
Yes, as of now, there is. Currently, a company can offer an incentive for a consumer
to share their information such as a discount. This may (and most likely) will
change.
What if my
company doesn’t comply?
30 days after receiving a notification from regulators, though I
wouldn’t wait until they send a violation. If the issue isn’t fixed, you could
be fined up to $7.5k PER RECORD.
The new bill allows for individual’s right to sue and also allows
for class action lawsuits to be filed for damages. However, there is still a
30-day window from when written notice is received from a customer. If the
company doesn’t fix the issue and the attorney general decides not to
prosecute, then it can become a class action suit.
The law also requires that companies have a clear and visible
footer on their websites that provides consumers the option of opting out of
data sharing. Consumers can sue if that footer is missing. Not only can they
sue if the footer is missing but also, if they aren’t provided with how their
information has been collected or get copies of the information.
Specifically, as written AB 375 allows for fines of $100 to $750
per consumer, per incident or actual damages, whichever number is greater.
What data is
considered “personal information”?
Per AB 375, the list is quite extensive:
- Identifiers such as a real name, alias, postal address,
unique personal identifier, online identifier IP address, email address,
account name, Social Security number, driver’s license number, passport number,
or other similar identifiers - Characteristics of protected classifications under
California or federal law - Commercial information including records of personal
property, products or services purchased, obtained or considered, or other
purchasing or consuming histories or tendencies - Biometric information
- Internet or other electronic network activity information
including, but not limited to, browsing history, search history and information
regarding a consumer’s interaction with a website, application or advertisement - Geolocation data
- Audio, electronic, visual, thermal, olfactory or similar
information - Professional or employment-related information
- Education information, defined as information that is not
publicly available personally identifiable information (PII) as defined in the
Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R.
Part 99) - Inferences drawn from any of the information identified in
this subdivision to create a profile about a consumer reflecting the consumer’s
preferences, characteristics, psychological trends, preferences, predispositions,
behavior, attitudes, intelligence, abilities and aptitudes
There is an amendment currently in the hopper, AB 874, that would
exempt publicly accessible, deidentified and aggregate consumer information
from being considered publicly identifiable information (“PII”). In simpler
terms, any information available from government records.
If you want to read more about the CCPA AB375 you can find it in its full legal glory here.
<!–[if lte IE 8]>
<![endif]–> hbspt.cta.load(4551527, ‘6f1f71a4-f6c6-483d-96ef-e2cdd41b2845’, {});
The post What You Need to Know About the CCPA’s New Data Collection Law AB 375 appeared first on Ignite Social Media Agency.