The CCPA : California’s new privacy legislation
A few weeks after the entry into application of the GDPR, California has committed in the path of strengthening the protection of personal data by adopting on June 28, 2018, the California Consumer Privacy Act (CCPA). Already effective since January 1, 2020, this act is at the federal level.
In order to strengthen people’s control over their data, the CCPA gives them differents new rights :
- The right to know what personal data is collected, used, shared or sold ;
- The right to delete personal data held bu companies and by extension, a companies’s service provider ;
- The right to opt-out of sale of personal data ;
- The right to non-discrimination relating to prices or service when a consumer uses a privacy right under the CCPA.
What kind of datas are covered by this act ?
Name, username, password, cell phone number and mailing address. But also data used by companies to track user behavior online, such as the IP address and devices identifiers. The act also covers data relating to race, religion, marital status, sexual orientation, military or former soldiers and biometric data. However, data found in public government documents is excluded.
What will happen if companies do not respect this act ?
They can be condemn $2,500 per violation or $7,500 if the violation is intentional. If the violations affect large groups of consumers, this cloud result in hefty fines. Moreover, this act allows Californiens citizens to sue companies if their data is lost in a data breach caused by the negligence of a companie.
What is the impact of the adoption of this act by California ?
Now, confidentiality is an important subject, so it’s no wonder that it’s affecting the whole contry. Nine other states are considering similar laws, Nevada and Maine have already adopted privacy laws.