A new California law aims to provide consumers will more control over their personal information, which also means more guidelines for businesses to follow.
The California Consumer Privacy Act (CCPA) will go into effect on Jan. 1, 2020. Initially approved in 2018, the law grants Golden State consumers more control over who can access their data. For businesses, CCPA brings a series of new guidelines to follow.
More from Footwear News
Below, FN outlines four things to know about the California Consumer Privacy Act.
Consumers can prevent the sale of their data
The CCPA provides consumers with four broad privileges: the right to know, the right to delete, the right to opt out and the right to nondiscrimination. Right to know means consumers can know what personal information is being collected, held and sold, while right to delete means they can request businesses eliminate that information. The right to opt out applies specifically to sales and means consumers can decline to have their information sold. Finally, right to nondiscrimination means consumers cannot be charged more or given worse service as a result of exercising the previous three rights.
Every major retailer will be impacted
Small businesses aren’t affected under the CCPA, but businesses that make over $25 million in gross annual revenues or have personal info for 50,000-plus consumers, households and devices are impacted. Extra regulations apply to businesses with the data for 4 million or more consumers. That means major retailers doing business in California such as Walmart, Amazon and Target will have to make adjustments to comply. Specifically, companies will have to add a button to their sites or mobile apps allowing consumers to opt out. Businesses are legally obligated both to reply to consumer opt-out requests and to keep records of requests they’ve received.
If they don’t comply, business will face thousands of dollars in fines
Businesses will be charged $2,500 per violation of the CCPA — and fines increase to $7,500 if the government finds the violation to be intentional. It’s up to the California attorney general, Xavier Becerra, to take action if companies don’t reply to consumers’ requests to go through with deletion.
Consumers themselves have limited recourse in case of a violation. While they can sue in case of a data breach, they’re unable to take legal action for non-deletion.
The law is expected to protect more than $12B of personal info each year
Rough estimates from the state of California put the cost of complying with the CCPA’s regulations between $467 million and $16.454 billion over the next decade from 2020 to 2030. This number is specifically the cost associated with the regulations and not general compliance costs associated to the underlying CCPA law, the government noted. But the value of personal information that will be protected under the CCPA could be much higher — and more critical by certain tallies. As a result of the new legislation, more than $12 billion worth of personal info used in advertising will be protected each year, according to the state government.