The big day for California Consumer Privacy Act (CCPA) is here! This new privacy law has officially become effective as of today. Are you ready to comply? Check out our post here about the introduction to CCPA.
This new law provides California consumers with a number of rights, namely:
- The Right to Know. A California consumer can request a business to disclose what personal information the business collects and the purposes of collection.
- Deletion Rights. A California consumer can request a business and its service providers to delete the personal information collected about them subject to certain exceptions. See this post for more information.
- The Right to Opt-Out and Opt-In. Under the CCPA:
- A California consumer who is at least 16 years old and older have the right to opt-out from a business’ sale of their personal information. This is where the requirement to post a notice of “Do Not Sell My Personal Information” comes in. CCPA requires that covered businesses post a “Do Not Sell My Personal Information” link clearly and conspicuously on their web page that will enables the consumer to opt out of the sale of their personal information.
- A California consumer who is less than 16 years old has the affirmative right to opt-in instead. If you market to consumers between 13 and 16 years of age, the consumer has to affirmatively authorize the sale of the personal information. If the consumers are under the age of 13, their parent or legal guardian have to affirmatively opt in.
- The Right to be Free from Discrimination. A business may not discriminate against its consumer who has exercised any of their consumer’s rights under the CCPA.
- A Private Right of Action. The CCPA includes a private right of action for data breach liability against businesses who fail to adopt reasonable data security practices.
Do you have a process and system in place to comply with these obligations when you receive a consumer request exercising their rights under the new law?