California is Taking the Lead When it Comes to Data Privacy Protection with its Imminent Implementation of the California Consumer Privacy Act of 2018
California is taking the lead when it comes to data privacy protection. While the requirements of the California Consumer Privacy Act of 2018 are not as stringent as the European Union’s General Data Protection Requirements (GDPR), the state will require businesses to take several additional steps to safeguard consumer privacy.
California Consumer Privacy Act of 2018
Gov. Jerry Brown signed the California Consumer Privacy Act of 2018 (California Consumer Privacy Act) into law on June 28, 2018. Beginning January 1, 2020, consumers will have the right to request that a business to disclose the following:
The categories of personal information it has collected about that consumer;
The categories of sources from which the personal information is collected;
The business or commercial purpose for collecting or selling personal information;
The categories of third parties with whom the business shares personal information; and
The specific pieces of personal information it has collected about that consumer.
Like the GDPR, the new law creates a “right to be forgotten.” It specifically grants a consumer the right to request deletion of personal information and mandates businesses to delete such information upon receipt of a verified request. Consumers will also have the right to request that a business which sells the consumer’s personal information or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed. Under California’s new privacy law, a business will be required to provide this information within 45 days of receiving a verifiable consumer request.
The California Consumer Privacy Act also authorizes a consumer to opt out of the sale of personal information by a business and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data. At the same time, the new law does authorize businesses to offer financial incentives for the collection of personal information. Additionally, California’s new privacy law bans businesses from selling the personal information of a consumer under 16 years of age, unless the children or their parents expressly opt in.
Businesses must also take certain steps to inform consumers about their privacy rights. For instance, they must provide a clear and conspicuous link on their Internet homepage, titled “Do Not Sell My Personal Information,” to a separate Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. A business may not require a consumer to create an account in order to direct the business not to sell the consumer’s personal information. The law also mandates that businesses provide at least two methods for consumers to make requests for information required to be disclosed (at a minimum a toll-free telephone number and, if applicable, a Web site address).
Under the law, civil penalties of up to $7,500 may be imposed per violation. When a breach of personal information occurs, the law entitles aggrieved consumers to statutory damages of no less than $100 and no more than $750 per consumer per incident, or actual damages, whichever is greater.
Businesses Subject to this California Law
The California Consumer Privacy Act won’t just impact businesses that call California home. The law applies to any for-profit business entities that do business in California, collects consumers’ personal information, and meets one or more of the following criteria: (1) have annual gross revenues greater than twenty-five million dollars ($25,000,000); (2) buy, receive, sell, or share personal information of 50,000 or more consumers annually; or (3) derive 50 percent or more of its annual revenues from selling consumers’ personal information. A “consumer” is defined as a natural person who is a California resident and includes California residents while they are traveling.
According to the International Association of Privacy Professionals, more than 500,000 U.S. businesses will fall under the purview of the new privacy law. Because many large businesses have taken steps to comply with GDPR, they should be in a good position to meet the new requirements of California’s privacy law. However, small and medium-sized businesses that are not subject to the GDPR should begin the process of reviewing their privacy policies and procedures to ensure they prepared to comply with the California Consumer Privacy Act by the end of this year.
Businesses should also closely monitor other state-level privacy laws that may impact their operations.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, David Einhorn, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Does Your Homeowners Insurance Provide Adequate Coverage?
Your home is likely your greatest asset, which is why it is so important to adequately protect it. Homeowners insurance protects you from the financial costs of unforeseen losses, such as theft, fire, and natural disasters, by helping you rebuild and replace possessions that were lost While the definition of “adequate” coverage depends upon a […]
Understanding the Importance of a Non-Contingent Offer
Making a non-contingent offer can dramatically increase your chances of securing a real estate transaction, particularly in competitive markets like New York City. However, buyers should understand that waiving contingencies, including those related to financing, or appraisals, also comes with significant risks. Determining your best strategy requires careful analysis of the property, the market, and […]
Fred D. Zemel Appointed Chair of Strategic Planning at Scarinci & Hollenbeck, LLC
Business Transactional Attorney Zemel to Spearhead Strategic Initiatives for Continued Growth and Innovation Little Falls, NJ – February 21, 2025 – Scarinci & Hollenbeck, LLC is pleased to announce that Partner Fred D. Zemel has been named Chair of the firm’s Strategic Planning Committee. In this role, Mr. Zemel will lead the committee in identifying, […]
Novation Agreement Process: Step-by-Step Guide for Businesses
Big changes sometimes occur during the life cycle of a contract. Cancelling a contract outright can be bad for your reputation and your bottom line. Businesses need to know how to best address a change in circumstances, while also protecting their legal rights. One option is to transfer the “benefits and the burdens” of a […]
What Is a Trade Secret? Key Elements and Legal Protections Explained
What is a trade secret and why you you protect them? Technology has made trade secret theft even easier and more prevalent. In fact, businesses lose billions of dollars every year due to trade secret theft committed by employees, competitors, and even foreign governments. But what is a trade secret? And how do you protect […]
What Is Title Insurance? Safeguarding Against Title Defects
If you are considering the purchase of a property, you may wonder — what is title insurance, do I need it, and why do I need it? Even seasoned property owners may question if the added expense and extra paperwork is really necessary, especially considering that people and entities insured by title insurance make fewer […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
New California Privacy Law to Take Impact on January 1, 2020
Author: Scarinci Hollenbeck, LLC
California is Taking the Lead When it Comes to Data Privacy Protection with its Imminent Implementation of the California Consumer Privacy Act of 2018
California is taking the lead when it comes to data privacy protection. While the requirements of the California Consumer Privacy Act of 2018 are not as stringent as the European Union’s General Data Protection Requirements (GDPR), the state will require businesses to take several additional steps to safeguard consumer privacy.
California Consumer Privacy Act of 2018
Gov. Jerry Brown signed the California Consumer Privacy Act of 2018 (California Consumer Privacy Act) into law on June 28, 2018. Beginning January 1, 2020, consumers will have the right to request that a business to disclose the following:
The categories of personal information it has collected about that consumer;
The categories of sources from which the personal information is collected;
The business or commercial purpose for collecting or selling personal information;
The categories of third parties with whom the business shares personal information; and
The specific pieces of personal information it has collected about that consumer.
Like the GDPR, the new law creates a “right to be forgotten.” It specifically grants a consumer the right to request deletion of personal information and mandates businesses to delete such information upon receipt of a verified request. Consumers will also have the right to request that a business which sells the consumer’s personal information or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed. Under California’s new privacy law, a business will be required to provide this information within 45 days of receiving a verifiable consumer request.
The California Consumer Privacy Act also authorizes a consumer to opt out of the sale of personal information by a business and prohibits the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data. At the same time, the new law does authorize businesses to offer financial incentives for the collection of personal information. Additionally, California’s new privacy law bans businesses from selling the personal information of a consumer under 16 years of age, unless the children or their parents expressly opt in.
Businesses must also take certain steps to inform consumers about their privacy rights. For instance, they must provide a clear and conspicuous link on their Internet homepage, titled “Do Not Sell My Personal Information,” to a separate Web page that enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information. A business may not require a consumer to create an account in order to direct the business not to sell the consumer’s personal information. The law also mandates that businesses provide at least two methods for consumers to make requests for information required to be disclosed (at a minimum a toll-free telephone number and, if applicable, a Web site address).
Under the law, civil penalties of up to $7,500 may be imposed per violation. When a breach of personal information occurs, the law entitles aggrieved consumers to statutory damages of no less than $100 and no more than $750 per consumer per incident, or actual damages, whichever is greater.
Businesses Subject to this California Law
The California Consumer Privacy Act won’t just impact businesses that call California home. The law applies to any for-profit business entities that do business in California, collects consumers’ personal information, and meets one or more of the following criteria: (1) have annual gross revenues greater than twenty-five million dollars ($25,000,000); (2) buy, receive, sell, or share personal information of 50,000 or more consumers annually; or (3) derive 50 percent or more of its annual revenues from selling consumers’ personal information. A “consumer” is defined as a natural person who is a California resident and includes California residents while they are traveling.
According to the International Association of Privacy Professionals, more than 500,000 U.S. businesses will fall under the purview of the new privacy law. Because many large businesses have taken steps to comply with GDPR, they should be in a good position to meet the new requirements of California’s privacy law. However, small and medium-sized businesses that are not subject to the GDPR should begin the process of reviewing their privacy policies and procedures to ensure they prepared to comply with the California Consumer Privacy Act by the end of this year.
Businesses should also closely monitor other state-level privacy laws that may impact their operations.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, David Einhorn, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
