It certainly was a very happy holiday season kick off for U.S. retailers in November, with Black Friday seeing $7.2 billion in digital sales alone (up 14% from last year). However, increased consumer spending is not the only thing causing so much hustle and bustle for retailers and online businesses; new privacy laws are on their way and companies are dashing to get compliant.
Over the past month, most everyone, whether a California resident or not, has received notices from numerous online companies encouraging users to review updates made to the companies’ terms of use and privacy policies. These seemingly synchronized updates are certainly not a coincidence, but rather last-minute efforts to wrap up compliance with the California Consumer Privacy Act (CCPA), which is set to go in effect on New Year’s Day.
Coming on the heels of Europe’s GDPR, the CCPA is the most comprehensive set of online privacy regulations in the U.S. The new rights granted to consumers under the CCPA include:
• The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
• The right to delete personal information held by businesses and by extension, a business’s service provider;
• The right to opt-out of sale of personal information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.
• The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
Businesses are subject to the CCPA if one or more of the following are true:
• It has gross annual revenues in excess of $25 million;
• Buys, sells or receives the personal information of 50,000 or more consumers, households, or devices; or
• Derives 50 percent or more of annual revenues from selling consumers’ personal information.
The burden imposed by the CCPA is significant, as it not only requires companies to overhaul their websites to ensure that all notices and opt-out links are provided to users, but it also likely requires changes to company internal procedures and employee training in order to maintain compliance.
Violations of the CCPA create private causes of action for consumers, and also empowers the CA Attorney General (AG) to pursue cases against businesses for damages of up to $7,500 per violation for intentional, or willful violations. So, the countdown is on for companies to contact a privacy attorney and, at a minimum, take steps to reduce exposure to private suits. AG enforcement isn’t set to begin until mid-2020, so there is still time to get your reindeer in a row.