On June 28, 2018, California passed the California Consumer Privacy Act of 2018 (AB 375) which is set to go into effect on January 1, 2020, though there may be amendments before then. The Privacy Act gives consumers greater control over how companies use their personal data. Under the Act:
- Customers can demand that companies delete their personal data and/or refrain from selling it
- Customers can demand that companies reveal what personal data they have collected, the reason it was collected, and which types of third parties have received it
- Companies cannot sell data from children under 16 years old
- Companies must comply with the above or be penalized
- Companies cannot charge customers higher prices or withdraw services as a result of privacy requests
The Act applies to California companies who gross at least $25 million annually, interact with 50,000 or more customers, or derive half their annual revenue from the sale of personal data. However, rather than applying different standards in different states, many companies have indicated that they will comply with this law no matter their location or size.
The California Consumer Privacy Act is seen as a likely starting point for further federal legislative data privacy action. While differing from the European Union’s General Data Protection Regulation (GDPR) in that the onus is on consumers rather than companies to initiate data privacy, the Act does represent a major legislative change.
How ACA Can Help
ACA Aponix can help your firm meet its California Consumer Privacy Act obligations. Our programs are customized to individual client's needs and typically include gap analyses, risk assessments, policy build-out, staff training, data mapping and vendor due diligence. We can advise on how to develop your technology and key business processes with data protection in mind.
For More Information
If you have questions, please contact your regular ACA Aponix consultant or email us at firstname.lastname@example.org.