California Consumer Privacy Act Gives Consumer Certain Rights Regarding Their Collected Personal Information

California Consumer Privacy Act Gives Consumer Certain Rights Regarding Their Collected Personal Information

On January 1, 2020, the California Consumer Privacy Act (“CCPA”), the most comprehensive privacy legislation in the United States, will go into effect.

In the internet age, businesses collect an enormous amount of data about consumers.  This includes identification, health, biometric, geolocation, credit and financial information.  Unfortunately, as the level of collection has grown, the hacking and unauthorized use of such data has also increased dramatically.  

The CCPA is designed to provide protection to California consumers by: 1) limiting unauthorized disclosures and losses of personal information; 2) giving consumers control of their personal information; and 3) penalizing businesses for violations. 

California residents will have new rights regarding access to, deletion of, and sharing of their personal consumer data. Consumers will have the right to request disclosure of the categories and specific personal information being collected by the business, and the right to request disclosure of the business or commercial purpose of collecting the personal information.  Consumers can request that companies selling or disclosing their personal information for a business purpose disclose the identity of the third parties to whom their information is sold or disclosed. 

Further, California residents will also have the right to request to opt out of the sale of their personal information, barring a few exceptions. The CCPA has specific requirements when it comes to the personal information of children, requiring that businesses obtain opt-in consent from children between ages of 13-16, and the opt-in consent of the parent or guardian of a child under 13 years of age before selling their personal information. 

California residents can also request that businesses delete the personal information, subject to certain restrictions. 

The CCPA requires that businesses implement reasonable security procedures to protect consumer information. If there is a breach of that duty, e.g., if a California consumer’s personal information is subject to unauthorized access, theft, or disclosure, the CCPA provides a private right of action for a consumer to recover damages in an amount between $100 and $750 or actual damages, whichever is greater. Businesses cannot discriminate against a California resident for exercising any of their rights under the CCPA.

The CCPA requires compliance by for-profit businesses that: 1) have an annual gross revenue of at least $25 million; 2) buy, receive, sell, or share consumer data from 50,000 or more consumers, households, or devices; or 3) gain a majority of their annual revenue from the selling of personal data. 

The Attorney General of California is currently in the process of drafting and finalizing the regulations pertaining to the California Consumer Privacy Act.  Moreover, the U.S. Senate is also considering a comprehensive piece of legislation regarding privacy rights.

For more information on the California Consumer Privacy Act, you may contact Minami Tamaki at (415) 788-9000 or through our online form.

*The contents of this website are intended to convey general information only, and does not constitute legal advice. 

About the Author