California’s Consumer Privacy Act – How Companies can Prepare

August 6th, 2019

If your California company has not yet begun to prepare for the January 1, 2020 deadline for the California Consumer Privacy Act (“CCPA”), now is the time. The CCPA grants consumers new rights with respect to the collection of their personal information. The CCPA will impact for-profit companies that are based in California or doing business in the state that meets one of the following criteria: (1) the company generates more than $25 million in gross revenue, (2) the company receives or shares personal information of more than 50,000 people, or (3) your business earns at least half of its annual revenue by selling the personal information of residents in California.

Per the CCPA, “a consumer shall have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer” and consumers can also forbid companies from selling their information to third parties.

If you haven’t yet begun to prepare for the CCPA to come into effect, the following steps may help get the process started before the deadline. First, even though the CCPA and the GDPR are different, there are many cross-over requirements. As such, it could be in your company’s best interest to use your other privacy or GDPR systems to fulfill the CCPA requirements.

Additionally, it could be helpful for your company to develop a strategy to organize all personal information that your company manages and to also determine where exactly, if at all, your company sells personal information. Having these systems and knowledge of where all of your personal information is going and is stored will help your company comply with the CCPA. With regards to disclosures and privacy statements generated by your company, you should also ensure that those documents are properly updated before the January deadline.

Finally, even though the CCPA is the on the forefront of new privacy and consumer protection legislation in the United States, it will likely not be the last. Therefore, you and your company should be prepared for and paying attention to new developments in other states.