EXECUTIVE SUMMARY:

With the new decade, the state of California ushered in CCPA (California Consumer Privacy Act), new consumer data protection regulations.

As the largest state economy in the US and fifth-largest in the world, California is forcing companies to comply with better consumer data practices, similar to the European Union’s General Data Protection Regulation (GDPR). Companies that do not have physical offices in the state of California, or even in the US, are also required to comply.

What are these new rules?

For consumers, two key new tenets of CCPA are being labeled as “the right to know” and “the right to say no.” This means that consumers now have the right to demand that companies inform them about any personal data that has been collected, that consumers can opt out of the sale of their data to third parties, and can request for companies to delete their data.

While the common perception may be that the CCPA will overwhelmingly affect social media and the big tech companies, this new law will affect any large company doing business online.

CCPA applies to any company operating in California with either annual revenue equal to or exceeding $25 million, any company that makes more than half of its money from user data, or collects data from more than 50,000 users.

How this law will be enforced has yet to be clarified, however Californians will be able to sue companies for “failing to take reasonable precautions to prevent data breaches.” The rest of enforcement will be left up to the attorney general’s office, which is expected to have a limited ability to handle a high volume of cases.

Someday, will companies have to pay for consumers’ data?

To read more about the fine print of the CCPA, see this article by Wired.