At the start of 2020, California’s privacy regime underwent a major overhaul. The California Consumer Privacy Act (CCPA), sweeping legislation that had been in the works for the past few years, finally went into effect on January 1, 2020. The CCPA, which follows the lead of the European Union’s privacy laws, will impact both consumers and certain businesses subject to the Act throughout the state in several ways. Business subject to the new regulations include: (i) for-profit entities having yearly gross revenues over $25 million; (ii) businesses that make 50% or more of their annual revenue from selling personal information; and (iii) businesses that buy, sell, share, or receive the personal information of 50,000 or more “consumers, households, or devices.”
Now that the CCPA is in effect and the California Attorney General has issued guidance on how his office will interpret the law, it is essential to understand the CCPA’s requirements for compliance. As an obvious example, businesses will need to review and potentially rewrite existing privacy policies so that they accurately disclose all of the required information and inform California residents of their rights under the statute.