The California data privacy law 2020 will come into effect on January 1, 2020. Seven amendments have been examined by the CA legislature until September 13, 2019. The governor had 30 days until October 13, 2019, to sign the amendments and incorporate them into the law or veto bills that have passed the legislature.
The design of the California Consumer Privacy Act provides California residents with increased control over their personal data. Fundamentally, it enables consumers to be aware of their data, and how it is gathered, stored and processed.
Moreover, it grants a consumer with a right to request for the deletion of his or her data and also a right to opt-out from having their information sold.
It requires non-compliant companies to comply with its requirements and facilitate their users with data requests, update their privacy policies. Lastly, it wants companies to make sure that the vendors also comply with the requirements.
Many changes were suggested to the original version of the CCPA by various groups. A few imperative proposals that can impact financial institutions incorporate the following assembly bills.
This bill excludes personal information collected from job applicants, employees, business owners, directors, officers, medical staff or contractors from the CCPA consumer rights (such as access, deletion, and opt-out).
Although, the Senate Committee denied the suggested exemptions from the CCPA notice and data breach liability provisions. It indicates that employers have to provide a privacy notice when collecting employee personal information.
In addition, employee data is included in the data breach events and their private right of action is available. An employee exemption is a sunset provision which will expire by January 1 2021.
When the date arrives, the CA Legislature will provide regulation similar for the handling of employee data.
This bill will allow the usage of personal information with consumer’s consent and voluntary participation in the loyalty program. It forbids companies to sell personal information from loyalty programs to other companies.
Therefore, it will impact various companies who rely on cross-marketing in their business model.
This bill will allow those businesses that operate online and are directly connected with their consumers to give a single method (email) for consumers to contact them. Generally, it is less hectic from what originally required of entities under California data privacy law 2020. It also includes an additional method and a toll-free number.
A few items are under consideration. However, the amendments cover a wide range of items, that incorporate, data brokers to register with the attorney general (AB 1202), requirements for parents/guardians of children under 13 to take consent for social media accounts, requiring business using facial recognition to disclose the usage at all relevant locations (AB 1281). The amendments also allow a business to differently treat the consumers who have exercised privacy rights if related to the value provided by the business (AB 1355).
The amendments listed down below were rejected and will not modify the California data privacy law 2020.
Only if you collect and process data of California citizens and also if you meet at least anyone from the conditions mentioned below.
Data mapping is a process which figures out the type of information you accumulate, why and where you hold it, and with whom you share it. This process also states that how the information is transferred addresses many other questions related to data collection and its daily usage.
CCPA expects you to conduct data mapping of your users from California. Although, this is not a strict obligation by the CCPA but considered as a good practice that saps risk associated with the data of your users.
CCPA requirements are clear and precise that a business must meet. The requirements include:
No, as a reversal, CCPA does not require you to obtain consent before collecting and processing your users’ data.