July 2, 2018
To learn more about Lathrop GPM, click here ›
California's New Privacy Protections Pack Significant Punch
California has enacted a sweeping digital privacy law, creating new protections and rights for consumers’ personal information. The law, which goes into effect in 2020, gives consumers a greater right to know and control their personal data held by others. While similar in some respects, the new law is not as expansive as the EU’s General Data Protection Regulation (GDPR), which became effective last month. Still, the new California Consumer Privacy Act ranks among the most comprehensive privacy laws in the United States.
Expect changes to the law before it becomes effective. The California legislature passed the bill to avoid a ballot initiative set for November, which offered more protections but also more potential confusion and turmoil. Governor Jerry Brown signed the bill into law just hours before the deadline to pull the ballot initiative. The new law and its ensuing debate over amendments may set the tone for other state and national legislation.
How is the law similar to the GDPR?
The law grants consumers a host of new protections and rights for their personal information online. The act’s broad definition of “personal information” aligns more closely with the GDPR’s definition of “personal information” than the state's definitions of “personally identifiable information.” The act defines “personal information” to be “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
As with the GDPR, the new law gives consumers the right to know what information companies are collecting about them. It likewise allows consumers to know why companies are collecting their information and with whom they are sharing it.
Similar to the GDPR, Californians may require companies to delete their information, and not sell or share it. On websites, companies must place a conspicuous link that says, “Do Not Sell My Personal Information,” so consumers may opt out easily. Companies must give those who opt out of selling their information the same quality of service. Companies may, however, use financial incentives to entice consumers to opt in.
The law also includes additional protections for children. A company cannot sell a 13 to 16 year old person’s information without his or her consent. If younger than 13, the minor’s parent must consent.
Following a data breach, the law makes it easier for consumers to sue companies after a breach. It also allows California’s attorney general more power to punish companies who fail to adhere to data protection regulations.
How does this new privacy law affect businesses outside California?
The new law will apply to any for-profit entity that does business in the state of California and:
The reach is broad, as few businesses can ignore the California market.
What should a business do in light of the new California data privacy law?
California’s law is not set to take effect until 2020, giving businesses time to prepare and take in any amendments. As with the GDPR, however, it is imperative for businesses to heed these coming requirements, and not let them sneak up on them.
Let the cybersecurity and data privacy professionals at Lathrop Gage, Tedrick Housh and Jason Schwent, assist you with any of your data compliance and data privacy questions and concerns.
© 2020 LATHROP GPM, ALL RIGHTS RESERVEDCLICK HERE TO UNSUBSCRIBE | POWERED BY FIRMSEEK
The information contained in this document is provided to alert you to legal or tax developments and should not be considered legal or tax advice. It is not intended to and does not create an attorney-client relationship. Specific questions about how this information affects your particular situation should be addressed to one of the individuals listed or to your legal or tax advisor before taking any action based upon this information. No representations or warranties are made with respect to this information, including, without limitation, as to its completeness, timeliness, or accuracy, and Lathrop GPM shall have no obligation to update this information and shall not be liable for any decision made in connection with the information. The choice of a lawyer is an important decision and should not be based solely on advertisements.
If you do not wish to receive any further communication from Lathrop GPM LLP, please send an email to email@example.com with the subject UNSUBSCRIBE.