The California Consumer Privacy Act of 2018 has been recently signed into law and it will go into effect starting from 1st January 2020. This California data privacy protection act takes a giant leap forward in protecting consumer data-privacy rights. The act protects the rights of California citizens; hence every company and not just California companies, who provide their products and services to California residents, will have to abide by this law. This practically brings every company in the United States under its regulatory framework as it would be difficult for companies to make a separate website for California viewers and another one for rest of the states.
So, what is this new California data privacy protection act?
The California Consumer Privacy Act of 2018 gives and protects four basic rights of consumers (the natural persons who are California residents) with respect to their personal information:
- The bill gives California consumers the right to get their personal information deleted from company’s database on request, with some exceptions.
- The bill doesn’t permit companies to sell the information acquired from children less than 13 years of age without their parents’ consent. Also, teens between 13 and 16 years are required to ‘opt in’ to data-sharing.
- It also gives consumers the right to receive equal service and pricing from a business, even if they exercise their privacy rights under the Act.
What does the California Consumer Privacy Act of 2018 require companies to do?
Companies will have to take care of the following once this company data privacy act comes into effect:
- Update their privacy policies every 12 months to make the disclosures
- Disclose proactively the categories of personal information sold or even disclosed in the preceding 12 months.
- Companies selling consumer data need to inform consumers and give them the option to ‘opt out’ by providing a link called “Do Not Sell My Personal Information” on the home page of the company’s website.
- Consumers must be provided at least two means to submit requests for disclosure such as a toll-free telephone number and Web site.
- The information requested by the consumers must be disclosed within 45 days of the receipt of request and must be free of charge.
Companies need to take which compliance measures due to this company data privacy act?
Some suggested compliance measures for this company data privacy act are as under:
- Having procedures in place to determine what types of personal consumer data is being collected and for what purposes
- Updating websites and policies in accordance to the new law
- Anticipate a possible flood of consumer-driven litigation and be prepared for it
- Formulate new compliance strategies well before the law goes into effect on 1st January 2020.
To comply with this new California data privacy protection act, you will have to carefully device a strategy. It will be in your best interest to take guidance from an experienced lawyer. Allow LawTally to help you find the best lawyer!