The new California Consumer Privacy Act aims to protect consumers

Business / Security / Tech
California Consumer Privacy Act

There was some pushback from large California companies such as Google.

The California Consumer Privacy Act is taking aim at companies and giving consumers control over their data. The new law gives consumers the right to have their data deleted and keep companies from selling any data. On top of that, companies cannot deny access to services or be charged more if a consumer leverages the California Consumer Privacy Act. The bill was signed into law by Governor Jerry Brown on Thursday.

The new law is applicable to all establishments that do business in California and who also collect user data. The new law requires companies to disclose the information they keep, why they keep it, and with whom it is shared. The new law also has a contingency built-in should a company experience a data breach or a hack.

A consumer whose data is hacked is entitled to recover statutory damages of up to $750 in a civil suit when companies fail to maintain reasonable security procedures—if certain steps are followed. Consumers can’t sue unless they first notify the business and the state attorney general, and the business doesn’t correct the problem in 30 days and the state attorney general does not bar the suit.

Intentional violations can bring civil penalties of up to $7,500 per violation.

The new law also has some verbiage applicable to consumers who are minors. The law keeps companies from selling minors (13 and under) personal information unless the parents of the minor authorize the sale. For minors 13 thru 16, companies can sell their data if the minor “opts into the sale.”

As can be expected, there was some pushback from large California companies such as Google.

A number of tech giants strongly opposed the initiative and the legislative measure, although individual companies and groups representing them articulated few reasons. A Google executive said the act would have unintended consequences, but didn’t enumerate possibilities. A cellular operator trade group, the CTIA, said state-specific rules would confuse consumers and stifle innovation, especially if other states pile on.

The California Consumer Privacy Act will affect companies who have customers in the state and meet one or more of these criteria.

  • Gross at least $25 million annually
  • Interact with information from 50,000 or more people, households, or devices
  • Make half its annual revenue from the sale of personal data

It will be interesting to see how the new law affects how companies do business in California. What do you think of the new California Consumer Privacy Act? Let us know in the comments below or on Google+, Twitter, or Facebook.

  Source: ABAJournal  Source: Fortune
Comments
To Top