What is the California Consumer Privacy Act of 2018?

Photo by  Helloquence  on  Unsplash

Photo by Helloquence on Unsplash

On June 28, 2018, hot on the heels of the European Union’s General Data Protection Regulation, California passed a new law providing some of the strongest privacy protections to date in the US, outlining what a company can and cannot do with your data.  Although the law does not take effect until 2020, we can already begin to see movement from companies scrambling to comply with it.

The privacy act is broken up into 4 core sections: Own your personal information, Control your personal information, Secure your personal information, and Hold big corporations accountable. We have provided some key points below about how each section might impact you.

1. Own Your Personal Information

  • It is your right to know if information is being collected.

  • You can request that the business disclose what categories of personal information was collected, sold, and disclosed to whom.

2. Control Your Personal Information

  • You have a right to ‘opt out’ of your personal information being sold by a business.

  • You cannot be discriminated against if you decide to ‘opt out’ of having your information being sold. In other words, a business cannot give different pricing, different level of service, or different quality of goods.

3. Secure Your Personal Information

  • Any business must implement and maintain reasonable security procedures and practices to protect your personal information.

4. Hold Big Corporations Accountable

  • These rules apply to businesses that satisfy one or more of the following thresholds:

    • that have annual gross revenues in excess of $25,000,000

    • that annually buys, receives for business’ commercial purposes, sells or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices

    • that derive 50% or more of its annual revenues from selling consumers’ personal information

  • All businesses must comply if they deal with Californians’ personal information. Even companies located outside of California.

When it comes to privacy in the US, this is a great first step but this is just the beginning of our journey towards giving you back control of your personal data. However, there are a few things that the act falls short on, such as completely removing the data from the business or getting a copy of the data that the business was able to collect about you.  Until our vision of a world where you have complete control of how your data is used becomes a reality, the NetCloak team will be hard at work. Check us out at https://netcloak.io.

Updated June 2019: The thresholds and references have been updated to reflect the latest version of the bill.