What Is The California Consumer Privacy Act CCP

The California Consumer Privacy Act was passed by the California State Legislature and signed into law by Governor Jerry Brown on June 28, 2018. It amends Part 4 of Division 3 of the California Civil Code.

On October 11, 2019, additional substantive amendments were signed into law.[7] The CCPA went into effect on January 1, 2020.[8] California voters passed Proposition 24 in November 2020. This is also known as the California Privacy Rights Act and amends and expands CCPA.[9]

Intent of the Act

The Act’s intent is to give California residents the right to:
Know what personal information about you is being collected.
Know if and to whom their personal data are sold or disclosed.
Say no to selling your personal data
Access to their personal data
Request that a business delete any personal information collected about a customer.
You will not be discriminated against if you exercise your privacy right.
Compliance

The CCPA is applicable to any business, even if it is a for-profit company, that collects personal data from consumers, does business in California, and meets at least one of these thresholds:

Has annual gross revenue exceeding $25 million;
If you buy, receive, or sell the personal information of at least 100,000 consumers or households, then you are in violation.

The CCPA does not require that the businesses it refers to be physically present in California. It applies to businesses that are active in California and meet the requirements, including internet transactions. However, the CCPA is not as clear about its geographical scope as other privacy laws, such as the GDPR.

Responsibility and accountability

Implement processes for obtaining parental consent from minors younger than 13 and affirmative consent from minors aged between 13 and 16 to share data for purposes (Cal. Civ. Code SS 1798.120 (c)).
The “Do Not Sell My Personal Information” link will be located on the homepage of a business’s website. This link will direct users to an opt-out web page that allows them or someone they have authorized to opt-out from the sale of personal information of residents (Cal. Civ. Code SS 1798.135(a)(1)).
You must designate a method for submitting requests to access data, including at least a free telephone number. Civ. Code SS 1798.130(a)).
Update privacy policies to include newly required information, including a description of California residents’ rights (Cal. Civ. Code SS 1798.135(a)(2)).

Avoid requesting consent to opt-in for 12 months following a California resident’s opting out (Cal. Civ. Code SS 1798.135(a)(5)).
Sanctions and remedies
The following sanctions or remedies can be imposed.

California residents can opt out of the law through companies, activists, associations, and others. Civ. Code SS 1798.135(c).
Companies that are victims of data theft, data security breaches, or other data security breaches may be ordered to pay civil class action lawsuits statutory damages between $100-$750 per California resident, incident, or actual damage, whichever is higher, and any other relief the court deems appropriate, subject to the option of the California Attorney General’s Office prosecuting the company rather than allowing civil suits against it (Cal. Civ. Code SS 1798.150).
Cal. Civ. Code SS 1798.155).