It is summer and you just finished all the hard work to make sure your organization addressed all applicable California Consumer Privacy Act (CCPA or the “Act”) requirements. You sit down, take a deep breath, and see what California has been up to during your CCPA preparations. Well, lo and behold, California wants to give the nation’s most aggressive data protection law a facelift in a new ballot initiative to be voted on this November.
You may remember that California pioneered the first sweeping privacy reform in the United States in 2018 when the CCPA was passed. The Act was amended in 2019 and went into effect January 1, 2020, with enforcement beginning July 1 of this year. Taft’s Privacy & Data Security group has provided information regarding the data requirements of the CCPA in previous blog posts, but generally, the Act affords consumers the right to know what information is being collected from them, the right to prohibit businesses from keeping their information, and the right to opt-out of the sale of their personal information, among other things. The CCPA already reaches outside California state lines, as it applies to companies that do business within the state that have revenues of over $25 million per year, derive at least 50% of its revenue from selling information, or buy, sell or share personal information of at least 50,000 California consumers, households or devices.