What You Need to Know about the California Consumer Privacy Act of 2018

California Consumer Privacy Act of 2018

Yesterday, California Governor Jerry Brown signed the California Consumer Privacy Act of 2018. The law passed the State Assembly and Senate unanimously. Experts and journalists are calling it the most far-reaching and comprehensive data privacy law yet passed in the United States.

Here’s what your enterprise needs to know:

When Does the California Consumer Privacy Act Go Into Effect?

January 1, 2020. This deadline gives enterprises enough time to evaluate and possibly alter their data collection and usage policies before enforcement begins. Additionally, lawmakers have commented on possible changes to the law before it goes into effect.  

What Does the Law Entail?

All businesses collecting data on California residents—major enterprises and small businesses alike—will be required under the California Consumer Privacy Act of 2018 to:

  • Disclose the types of data they collect to consumers on request.
  • Disclose to consumers on request why their data was collected.
  • Disclose to consumers on request what third parties have received it.
  • Allow consumers to opt out of having their data sold or stored.
  • Obtain consent before selling data from children under the age of 16.   

Because it is a state law, the California Consumer Privacy Act of 2018 only applies to California consumers, although it will affect businesses in other states. The bill does allow companies to offer consumers discounts for the usage and sale of their data and to charge consumers who are opting out “a reasonable amount.” This has drawn ire from some privacy experts, who claim it infringes on the right to privacy.  

Why Now?

From what we can tell, the speed with which the California Consumer Privacy Act of 2018 passed is the result of a few different political pressures. The recent Facebook scandals and the barrage of enterprise data breaches have certainly changed consumer demands, but the most pressing issue might have been a ballot initiative on the subject.

Spearheaded by millionaire real estate mogul Alastair Mactaggart, a ballot initiative—which would have been voted on in December—would be much harder to amend than legislation. The ballot’s consideration deadline was also yesterday. Mr. Mactaggert agreed to withdraw the ballot in the wake of the bill’s passage.  

Other Resources:

Live from Identiverse 2018, the Digital Identity Conference, in Boston, MA! (Monday)

Live from the 2018 Identiverse Conference in Boston, MA (Tuesday)

IAM Modularization with Dr. Martin Kuhlmann of Omada

Comparing the Top Identity and Access Management Solutions

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner