June 6, 2019

CCPA
Privacy Polices and the CCPA

On June 28, 2018, California enacted the California Consumer Privacy Act (“CCPA”), a groundbreaking, consumer-friendly, privacy law unlike any predecessor in the United States.  The California Consumer Privacy Act will impact almost all US-based businesses that collect consumer data from California State residents, as well as companies that provide assistance in connection with the processing of that consumer data.

The CCPA officially goes into effect on January 1, 2020, and, given its broad scope and applicability, US-businesses should begin taking the necessary steps to ensure that they are in full compliance with its various provisions.  In order to do so, affected businesses must, among other things, overhaul their online privacy policies to ensure that they include the requisite disclosures and consumer options.

What Changes Should I Make to My Privacy Policy So that It Complies with the California Consumer Privacy Act?

Key Privacy Policy Requirements Established by the CCPA

Passage of the CCPA stems from an evolving regime of laws in Europe, the United States and other parts of the world that seek to provide consumers with more information about, rights in, and control over, uses of their personal data.  In pursuit of those goals, the CCPA imposes certain requirements that must be included in online privacy policies.  Below is a partial list of some of the required disclosures that businesses must include in their respective privacy policies in order to comply with the CCPA:

  • Businesses must disclose what categories and specific items of personal information are collected about California consumers;
  • Businesses must disclose what sources they used to collect the applicable personal information;
  • Businesses must disclose the commercial or business purpose for which the personal information was collected;
  • Businesses must disclose the categories of personal information that will be shared with third-parties, as well as the categories of third-parties with whom such personal information will be shared;
  • Businesses must provide consumers with a description of their various rights provided by the CCPA; and
  • Businesses must ensure that their respective privacy policies contain a mechanism for consumers to opt out of having their personal information sold or disclosed to third parties.

Liability Under the CCPA

If found liable for violating the CCPA, including for having a non-CCPA compliant privacy policy, businesses can be fined up to Seven Thousand Five Hundred Dollars ($7,500.00) for each intentional violation, in addition to other remedies sought by the California State Attorney General.  While the CCPA does not go into effect until January 1, 2020, given the complexity involved in ensuring full compliance with the law, it is essential that businesses consult with experienced counsel now to ensure that privacy policies are CCPA-compliant.

If you are interested in learning more about this topic or require assistance in connection with consumer data privacy compliance for your business, please e-mail us at info@kleinmoynihan.com, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Similar blog posts:

Comparing the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR)

Comparing the Washington Privacy Act (WPA) to the California Consumer Privacy Act (CCPA)

Does the California Consumer Privacy Act Apply to Your Business?

Copyright © 2013-2018 Klein Moynihan Turco LLP. All Rights Reserved.
Privacy Policy    Terms and Conditions
Attorney Advertising

STAY CONNECTED WITH US: