On the 1st. of January 2020 a new Data Privacy Act (Assembly Bill No. 375) will come into effect in California in the United States. Notably, there is now talk of a National approach to Data Privacy and Protection, not dissimilar to the GDPR in the wake of this proactive and progressive state actions.
The California Constitution grants a right of privacy. Existing law provides for the confidentiality of personal information in various contexts and requires a business or person that suffers a breach of security of computerized data that includes personal information, as defined, to disclose that breach, as specified.
This bill will enact the California Consumer Privacy Act of 2018. Beginning January 1, 2020, the bill will grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.
What does it mean?
Consumers are granted the right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose the categories of information that it collects and categories of information and the identity of 3rd parties to which the information was sold or disclosed. A business is required to provide this information in response to a verifiable consumer request.
Consumers can opt out of the sale of personal information by a business and would prohibit the business from discriminating against the consumer for exercising this right, including by charging the consumer who opts out a different price or providing the consumer a different quality of goods or services, except if the difference is reasonably related to value provided by the consumer’s data.
A business is prohibited from selling the personal information of a consumer under 16 years of age, unless affirmatively authorized, as specified, to be referred to as the right to opt in.
The bill will prescribe various definitions for its purposes and would define “personal information” with reference to a broad list of characteristics and behaviors, personal and commercial, as well as inferences drawn from this information.
Criminal and Civil Penalties
The bill will provide for its enforcement by the Attorney General, as specified, and would provide a private right of action in connection with certain unauthorized access and ex-filtration, theft, or disclosure of a consumer’s non-encrypted or non-redacted personal information, as defined.
Get Ready now with the Global Data Protection Management System (GDPMS) from GDPR Forensic Limited and protect your Californian consumers and your business.
The GDPMS maintains your business Governance, Risk and Compliance for Data Privacy and Protection for the laws of more than 81 countries around the world. We help global business remain globally compliant and offer a turn-key data protection service for business that includes GRC Systems, Virtual DPO's and comprehensive support and mentoring through the process.