The California Consumer Privacy Act is here, but its impact remains unclear…
An article review.
On January 1st a new consumer privacy law went into effect in California, and while some are calling it “California’s GDPR,” the impact of the new legislation remains unclear.
The new law, detailed in an article submitted to us by our friend Wes Pollard, is called the California Consumer Privacy Act (CCPA) and it applies to businesses with more than 50,000 customers in California. The CCPA seeks to give users more control over their data, requiring companies to disclose how and why it is being stored. The law also provides for statutory damages in the case of a data breach, but only if the the company in question has been notified of an issue and have not responded to it within 30 days.
If your firm already has measures in place for GDPR compliance this new legislation is not likely to impose any new requirements, but users can expect a new round of pop-up privacy notices and other nagging interruptions as more organizations are required to disclose the use of their data.
While the law is already in place, enforcement will not begin until July so that businesses can prepare for the changes. The CCPA is currently the first and only such law of its kind in the country, but it can be assumed that other states will be watching California’s efforts and may introduce similar legislation in the future.
Original article by Kim Lyons writing for The Verge.