Yesterday, California Governor Jerry Brown signed the California Consumer Privacy Act of 2018. The law passed the State Assembly and Senate unanimously. Experts and journalists are calling it the most far-reaching and comprehensive data privacy law yet passed in the United States.
Here’s what your enterprise needs to know:
When Does the California Consumer Privacy Act Go Into Effect?
January 1, 2020. This deadline gives enterprises enough time to evaluate and possibly alter their data collection and usage policies before enforcement begins. Additionally, lawmakers have commented on possible changes to the law before it goes into effect.
What Does the Law Entail?
All businesses collecting data on California residents—major enterprises and small businesses alike—will be required under the California Consumer Privacy Act of 2018 to:
- Disclose the types of data they collect to consumers on request.
- Disclose to consumers on request why their data was collected.
- Disclose to consumers on request what third parties have received it.
- Allow consumers to opt out of having their data sold or stored.
- Obtain consent before selling data from children under the age of 16.
Because it is a state law, the California Consumer Privacy Act of 2018 only applies to California consumers, although it will affect businesses in other states. The bill does allow companies to offer consumers discounts for the usage and sale of their data and to charge consumers who are opting out “a reasonable amount.” This has drawn ire from some privacy experts, who claim it infringes on the right to privacy.
From what we can tell, the speed with which the California Consumer Privacy Act of 2018 passed is the result of a few different political pressures. The recent Facebook scandals and the barrage of enterprise data breaches have certainly changed consumer demands, but the most pressing issue might have been a ballot initiative on the subject.
Spearheaded by millionaire real estate mogul Alastair Mactaggart, a ballot initiative—which would have been voted on in December—would be much harder to amend than legislation. The ballot’s consideration deadline was also yesterday. Mr. Mactaggert agreed to withdraw the ballot in the wake of the bill’s passage.
Latest posts by Ben Canner (see all)
- What are The Key IDaaS Capabilities for Enterprises? - October 16, 2019
- What are “Pass the Hash” Attacks? How Can Your Enterprise Prevent Them? - October 16, 2019
- What’s Changed: 2019 Gartner Magic Quadrant for Identity Governance and Administration (IGA) - October 14, 2019