As the groundbreaking California Consumer Privacy Act (CCPA) took effect on January 1, many were still working to understand the new requirements for businesses and rights bestowed to consumers. The California attorney general (AG) followed up on January 6 with a CCPA advisory pressrelease reviewing the regulations and restating that California residents are now afforded new, more stringent, data privacy rights. The CCPA has been bignews for anyone who does business in California. But the million-dollar question for New York-based companies that handle CA consumer data is whether the CCPA applies to them. While we still await clarity on many of the key components of the Act, the recent advisory does provide some useful reminders for businesses to think about.
Data Broker Registry
The advisory highlighted the January 31st deadline for the CCPA's data broker registry. Under the law, any business that knowingly collects and sells a consumer’s personal information to third parties (without having a direct relationship to that consumer) is required to register with the AG, pay afee, and provide some additional information. There is still some uncertainty around who exactly qualifies as a “data broker,” and many are hoping for further clarification when the next round of draft regulations is released,although the advisory did not offer any hints about when that would be.
Consumers’ Private Right of Action
The advisory also highlighted that businesses are required bylaw to implement and maintain reasonable security procedures and practices to protect consumers’ personal information. If a business fails to reasonably secure personal data and consumers are subject to an unauthorized breach as are sult, the CCPA allows for consumers to initiate a civil action.
Aside from these reminders, it is important to understand that compliance with the GDPR or other privacy laws does not equal compliance with the CCPA. And navigating compliance with this new law can be particularly complicated for out-of-state businesses that operate both nationally and internationally in what is currently a patchwork of privacy laws and regulations. Octillo Law PLLC works with clients to provide strategic and proactive advice that will allow businesses to navigate the ins and outs of not only the CCPA, but also any other laws that may impact them in the future.