California’s Consumer Privacy Act (CCPA) went into effect
on Jan. 1, 2020. While the CCPA has been interpreted as primarily
targeting technology companies and data brokers, it has broad reach
and applies to any business that handles the personal information
of California consumers and meets certain thresholds for annual
revenue or number of customers. The CCPA definition of
“personal information” includes any information that
can reasonably be linked to a particular consumer or household,
including but not limited to names, addresses, phone numbers, email
addresses, identification numbers, biometric information, location
data, IP addresses, and other internet or electronic network
activity.
The CCPA restricts how businesses may use, retain and disclose
personal information of California consumers and also grants new
rights to California consumers with regard to their personal
information, including the right to request that a business
disclose what information it is collecting and how it is used, as
well as what third parties, if any, the information is shared with.
The CCPA also allows consumers to opt out of the sale of their
personal information by a business and bars the business from
discriminating against the consumer for exercising that right.
Specifically, the CCPA grants California consumers the following
qualified rights:
- Right to Notice Before
Collection - Right to Know What Has Been
Collected - Right to Know What Is Sold or
Disclosed, and to Whom - Right to
Deletion - Right to Opt
Out of Sale - Right to
Nondiscrimination or Equal Service and
Price
Only California residents can exercise these rights, primarily
through a data subject access request (DSAR). The CCPA allows a
company to deny these requests, in whole or in part, if it must do
so in order to comply with federal, state or local laws, or with
regulatory inquiries, investigations, subpoenas or…