Although amended twice (September 13th and October 11th of 2018) after its initial passage by the California State Legislature and being signed into law by Governor Jerry Brown in June of 2018, the California Consumer Privacy Act (California Civil Code Section 1798.100) (“CCPA”) becomes effective with the new year (January 1, 2020).
Although it is intended to protect and afford California residents with certain rights (in some areas, greater or somewhat different than the European Union’s General Data Protection Directive 2016/679), it affects non-profit entities that do business in California, and that collect personal information of consumers and either has annual gross revenues over $25 million OR buys or sells personal data of 50,000 or more consumers/households OR earns over half its annual revenue from selling consumer personal information.
If your organization fits into any of those categories, you are required to establish, put into place and maintain reasonable security procedures and practices to protect consumer data and to afford California residents the right to know what personal data is being collected about them; to know whether and to whom the consumer’s personal data is sold or disclosed; to refuse to permit the sale of their personal data; to access their personal information; and to ask you to delete personal information collected from them. The law also prohibits discrimination against any consumer for exercising any of their privacy rights under the CCPA.
If you would like to know more about the CCPA or have any questions about this post, don’t hesitate to contact me Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.