From the continuous headlines of high-profile data breaches to the political and corporate misuses of data, data privacy has evolved from a distant thought to a legal right with severe penalties in some jurisdictions. So says my colleague, Trina Glass, in response to my inquiry regarding client concerns pertaining to the applicability of the new California Consumer Privacy Act (CCPA).
Trina advised that the CCPA, effective Jan. 1, 2020, requires certain companies to provide consumers more transparency and control over their personal information. It prevents companies from using personal information in ways that you aren’t aware of, for example, in tracking your geolocation and from making a profit selling your data to other companies without your permission. Companies that fail to prioritize data privacy will face severe fines.
In October 2019, California’s Attorney General published its proposed regulations related to the CCPA. The industry is still awaiting action from the AG on those proposed amendments. The AG has stated that he expects to publish the final implementing regulation in the spring and enforcement will begin six months after the final regulations have been published.
Is This Applicable to My Firm?
Based on the threshold criteria stated below, most RIAs will not be subject to the CCPA. However, the CCPA is applicable to any for-profit business conducting business in California regardless of where it is registered and that meets any of these criteria:
• Has annual revenues exceeding $25 million;
• Collects, receives, shares, sells or buys personal information from 50,000 or more California residents, households or devices each year; or
• Derives 50% or more of its annual revenue from selling the personal information of California residents.
Data Privacy Rights
Pursuant to the CCPA, California residents have the following:
• Right to request information regarding:
1. The categories of personal information that the business collected about the consumer and the business purpose.