November 18, 2019

REMINDER: Guidance On How To Comply With California’s Strict New Privacy Law

Last September, then-California Gov. Jerry Brown (D) signed into law a new consumer privacy measure that allows consumers to seek statutory or actual damages if their sensitive personal information is subject to unauthorized access, theft or disclosure as a result of a business’s failure to implement and maintain required reasonable security measures.

This new statute, the California Consumer Privacy Act, is one of the most stringent privacy laws in the United States. Businesses that meet specific criteria and collect personal information about California consumers are covered by the law and have until January 1, 2020 to be in compliance.

The National Association of Wholesalers has shared a legal brief outlining companies’ responsibilities. The NAW brief explains the law will apply to a business and its subsidiaries if it collects or receives personal information from California residents, directly or indirectly, and meets one or more of the following criteria:

  • The business has annual gross revenue that exceeds $25 million;
  • The business annually receives, buys, sells or shares, directly or indirectly, the personal information of 50,000 or more California residents, devices or households; or
  • Fifty percent or more of its annual revenue is derived from the sale of personal information about California consumers.

The law defines “personal information” as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The law allows for fines of up to $2,500 per violation or $7,500 per intentional violation. There is no cap on the total amount of fines. Businesses have a period of 30 days to remedy alleged violations of the law before a fine can actually be assessed.

Click here for more information and to read NAW’s full summary.