An advisory has been released by California Attorney General Xavier Becerra reminding consumers of their new rights under the California Consumer Privacy Act (CCPA), which became enforceable January 1 this year.
In the advisory Becerra outlines the rights allocated to users with the CCPA and how they can be availed of along with details of the data broker registry and information on data security. Enforcement of CCPA is the responsibility of the Office of the Attorney General.
He said: “Knowledge is power, and in today’s world knowledge is derived from data. When it comes to your own data, you should be in control. In California we are rebalancing the power dynamic by putting power back in the hands of consumers. I encourage all Californians to take a moment to understand their new rights and exercise these rights to take control of their personal data.”
It is the duty of the Office of the Attorney General to enforce the CCPA.
The following are included among the new rights introduced with the CCPA
- Consumers have the right to request a businesses reveals what disclose what personal information in relation to them is being collected, used, shared or sold by the business, in both categories and specific pieces of data.
- Consumers ask that a business removes and destroys the consumer’s personal information that is being stored this is the same for information being held by the business’s service providers;
- Consumers may demand that a company does not sell the consumer’s personal information. Due to this there is a legal obligation on businesses to have in place a “Do Not Sell” information link on their websites or mobile applications.
- It is a legal obligation for children under the age of 16 to give opt-in consent, in the case of children under the age of 13 this must be provided by with a parent or guardian.
- It is illegal for businesses may not discriminate against consumers in terms of price or service when a consumer exercises a privacy right under CCPA.
This legislation is only applicable to Californian businesses that fulfil the following criteria.
- Gross annual revenue greater than $25 million.
- Handling, in some way, the personal information of 50,000 or more consumers, households or devices.
- Earns half or greater of its annual revenues from selling consumers’ personal data.
- Companies that handle the personal information of over four million consumers will have more record-keeping obligations that they must adhere to.
In order to comply with this new legislation companies must put in place and manage security processes so that they ensure that safeguard consumers’ personal information. if this is not the case then consumers are entitled to initiate a legal action in relation to an unauthorized breach occurring. These requirements and entitlements began being applicable on January 1, 2020.