On behalf of Thaler Law on Friday, May 3, 2019.

At this point, it’s clear your business needs to have an online component to succeed. Exactly what you do online will depend on your business, but you’ll almost certainly collect some forms of user data. That means you could be subject to the California Consumer Privacy Act (CCPA), so what do you need to know about it?

For starters, you should know that the law is currently a major point of discussion among lawmakers. Ever since the law was passed, people have been volunteering their wish lists of changes. Some want exceptions. Others want tighter restrictions and more clearly drawn guidelines for enforcement. But while these arguments may lead to changes of some details, it is less likely they’ll lead to any fundamental changes to the law.

Businesses responsible to protect Californians data privacy

Boiled down to its essence, the CCPA offers California natives five data privacy rights. As the Los Angeles Times reports, the law gives individual users the right to:

  • Delete personal information
  • Know what personal information was collected
  • Know what personal information is being sold or shared
  • Prevent companies from selling their personal information
  • Access services without selling personal information for the same price as if they had consented to share their information

As lawmakers review the proposed changes, they may decide to shift the burden of responsibility of some matters in one direction or another. For example, the current law would likely force businesses to implement a “Do Not Sell” button, but lawmakers could still adopt changes that would ban businesses from selling data without explicit permission.

Time to get compliant

There are restrictions on the types of businesses that need to follow the CCPA. It only affects businesses that qualify in one of three ways:

  • Record at least $25 million in annual sales
  • Reach at least 50,000 users
  • Make at least half its money from the sale of personal information

These may initially look like large numbers, and for certain types of businesses, they are. But if you have positioned your business for successful growth online, you could easily eclipse one or more of these standards.

The time to consider CCPA compliance is now. The law may still evolve, but the principles have already been put into place. In fact, other states have already followed California’s lead, and the work you take now to become CCPA compliant may save you some trouble with other data privacy laws in the future.