The governor of California signed on June 28, 2018 into a landmark privacy bill : the California Consumer Privacy Act (CCPA). The California Privacy Rights Act passed on November 3, 2020. More than 500 000 US SME's are concerned. Given California is considered as the fifth largest economy in the world, the CCPA stands to have a broad scope. The law targets any for-profit entity doing business in California, including remote and online business, that has more than $25 Million annual revenue, holds the PI of 50000 people or makes at least half of its revenue from PI sales .
The individual rights requirements are very similar to the GDPR rules. You have to provide certain disclosures to consumers, such as categories of PI collected, purpose for collection, description of consumer's rights and online privacy policy. You have to respond to consumer requests, free of charge within 45 days. There must be a "do not sell my PI" link on its website to make it easy for consumers to object to the sale of their PI. You must provide at least two methods for receiving the consumer requests, including a website, if the business maintains one, and a toll-free number.
Apart from this, the company is asked to train employees on consumer rights pursuant to the law, and do not discriminate against consumers who exercise their rights under the law.
Comments