CCPA and The Regulatory Landscape

The State of California recently passed the California Consumer Privacy Act of 2018 (CCPA). The CCPA grants new rights to consumers with respect to their personal information. This law, which will go into effect in January 2020, imposes serious responsibilities and liabilities on businesses who engage in commercial activities with residents of California.

Under the CCPA, consumers gain the rights to (1) know when and what personal information is collected by businesses and for what purposes as well as the categories of any third party with which the information is shared, (2) request copies of all personal information that a business retains about the consumer, (3) deletion of any personal information retained by the business upon request of the consumer, (4) opt out of their personal information being sold to third parties by the business. To comply with this opt out requirement, businesses must add a “clear and conspicuous” link on their homepage titled “Do Not Sell My Personal Information,” and to (5) equal service and price. This final right means that businesses cannot provide a lesser service or charge a higher price for the same level of service if a consumer refuses to provide personal information.

To make it perfectly clear how onerous this is for companies, “collecting” is defined under the law as “buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a consumer by any means. This includes receiving information from the consumer, either actively or passively, or by observing the consumer’s behavior.

Repercussions for violations:  

State Action: The California Attorney General may levy, after a 30-day grace period for company remedy/cure, fines of up to $2500 per violation for companies who negligently violate the CCPA and fines of up to $7500 per violation for companies who intentionally violate the CCPA.

Private Action: Private parties can also bring suit if companies fail to implement reasonable security measures to protect personal information that they retain (this refers to data breaches). Consumers may seek restitution from the Business in violation of this act with a minimum of one hundred dollars ($100) and a maximum of seven hundred and fifty dollars ($750) per violation.

What can/should you do about this?

Nomena develops login solutions thats helps with CCPA compliance while allowing businesses to maintain relationships with their customers.

Our engineering team has over forty years of programming experience. Our leadership team includes a former biochemical COO, an NSA cryptographer, and legal professionals.

Next Steps:

Schedule a meeting. We want to get to know you. Through a consultative process we will identify potential liabilities and whether our solutions can help. We’re based in Bellevue, Washington and particularly enjoy working with local companies.