In a matter of weeks, California businesses must be in compliance with a new data collection regulation, the California Consumer Protection Act (CCPA). This act requires companies conducting business in this state to adhere to stricter rules regarding consumer privacy.
If you operate a business in California, then you should know what this means for you and what you must do to prepare.
What are the new rules under the CCPA?
The CCPA provides protections to consumers regarding the personal information that businesses collect, sell and use. Under the CCPA, as discussed more fully in this Fortune article, consumers have more rights over this data, including the right to:
- Know what information a business collects and how the business uses it
- Request that the business delete the information
- Prohibit the sale of personal information
These consumers also have protection against discrimination by businesses. In other words, businesses cannot deny service or otherwise penalize someone for exercising his or her rights.
What must businesses do to comply?
To ensure your company meets these regulations, you would be wise to take the following steps sooner, rather than later:
- Update your privacy policies
- Update websites with necessary privacy information and opt-out links
- Create or update lists that track personal information data, sources and usage
- Develop processes for handling consumer requests properly
Parties who fail to take these steps to get in compliance can be at risk of huge penalties, including fines of up to $7,500 per violation. The deadline for compliance is Jan. 1, 2020, when the law goes into effect.
It is also important to note that there are other privacy laws and regulations with which businesses in this and other states must comply. While it can be complicated and confusing to comprehend all the requirements, you can work with a business law attorney who can help you understand your responsibilities.