Here we go again. At a time when many U.S. businesses are still chasing GDPR compliance (Europe’s far-reaching data privacy regulation enacted last May), they soon may also be subject to similarly intentioned legislation emerging from California. Signed into law by Governor Jerry Brown last June, the CCPA or California Consumer Privacy Act, will take effect on January 1, 2020.
Like the GDPR does for EU residents, the new law aims to give Golden State consumers greater control over how companies collect, handle and share their personal information. As CMS Wire, reports, the effects on all American companies, located inside or outside California, will be extensive and game-changing.
“State legislators are setting the stage for a fundamental realignment of how companies doing business in the state, and by extension, the whole U.S., interact with customer data.” Provided they meet certain revenue and record-processing criteria, the new law may apply to any for-profit entity that does business in California and collects personal data of its residents. Businesses found non-compliant face civil penalties of up to $2500 per violation and $7500 per intentional violation. If you haven’t begun discussing the CCPA with your Managed Services Provider or in-house IT team, now is the time to start. Prudent steps will include: mapping what data you collect and where it’s stored; reviewing current usage disclosures, privacy policies and consent forms; and ramping up your data governance program. Call us to learn more.