REMINDER: California Privacy Law To Take Effect January 1 Will Affect Businesses Across United States.
Last week, The Associated Press examined how a new data privacy law set to go into effect in California on January 1, 2020 will impact employers and manufacturers across the entire United States. The wire service noted, “Companies across the country need to be aware of the law’s complex requirements even if they don’t deal directly with consumers. It covers companies that conduct business in California, including out-of-state companies that sell products or merchandise to California residents. The law can also cover companies that make money from providing services like payment processing or website hosting to businesses that are subject to the law.”
What is this new statute? In September 2018, then-California Gov. Jerry Brown (D) signed a consumer privacy measure that allows consumers to seek statutory or actual damages if their sensitive personal information is subject to unauthorized access, theft or disclosure as a result of a business’s failure to implement and maintain required reasonable security measures.
This new statute, the California Consumer Privacy Act, is one of the most stringent privacy laws in the United States. Businesses that meet specific criteria and collect personal information about California consumers are covered by the law and have until January 1, 2020 to be in compliance.
The National Association of Wholesalers has shared a legal brief outlining companies’ responsibilities. The NAW brief explains the law will apply to a business and its subsidiaries if it collects or receives personal information from California residents, directly or indirectly, and meets one or more of the following criteria:
- The business has annual gross revenue that exceeds $25 million;
- The business annually receives, buys, sells or shares, directly or indirectly, the personal information of 50,000 or more California residents, devices or households; or
- Fifty percent or more of its annual revenue is derived from the sale of personal information about California consumers.
The law defines “personal information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The law allows for fines of up to $2,500 per violation or $7,500 per intentional violation. There is no cap on the total amount of fines. Businesses have a period of 30 days to remedy alleged violations of the law before a fine can actually be assessed.
Click here for more information and to read NAW’s full summary.