As we look back on the passing of another decade, and the vast technological advancements that were made during this short period of time, it’s no surprise that the laws have also been slowly evolving to respond to our new reality. In this technological age, data has become the biggest commodity. Governments are creating laws aimed to protect the personal information of its citizens and alters how businesses gather and use the information of their customers.
Many Canadian businesses target the consumer friendly state of California. It’s important to know that California has enacted the California Consumer Privacy Act (“CCPA”) which is aimed at protecting the personal information of its residents. The new CCPA is set to come into effect on January 1, 2020 and will have a ripple effect on not only the citizens of California and their personal information but also on the many businesses that operate inside California or with California residents. The new CCPA applies to major businesses that either 1) surpass a yearly revenue of $25 million, 2) have more than 50,000 consumers, or 3) generate half of their profit from the sale of personal data. If your business meets any one of these criteria, then you will want to review and update your data privacy policies immediately to avoid paying the penalties and fines for violating the new regulations.
The five key CCPA requirements are:
- Data inventory and mapping of in-scope personal data and instances of “selling” data
- New individual rights to data access and erasure
- New individual right to opt-out of data selling
- Updating service-level agreements with third-party data processors
- Remediation of information security gas and system vulnerabilities