Subscribe to Our Newsletter
Statute took effect on January 1, 2020 and enforcement begins July 1, 2020
SACRAMENTO – California Attorney General Xavier Becerra today issued an alert reminding consumers of their data privacy rights under the California Consumer Privacy Act (CCPA). The CCPA, which went into effect this year, provides consumers with access to and control over their personal information. The Attorney General plans to begin enforcement of the CCPA starting July 1, 2020. Businesses subject to CCPA were required to begin complying with the law on January 1, 2020. Proposed final regulations under the CCPA were submitted to the California Office of Administrative Law on June 1, 2020 and are currently pending approval.
“Under the CCPA, Californians have the right to access and stop the sale of their personal data if they choose to exercise it,” said Attorney General Becerra. “As families continue to move their lives increasingly online, it is essential for Californians to know their privacy options. Our office is committed to enforcing the law starting July 1.”
Under the CCPA, California Consumers Generally Have the Following Rights:
How to Exercise your CCPA Rights:
Consumers should access the business’s online privacy policy, or California-specific online notice, for information on how they can exercise their CCPA rights. Businesses are required to have a link to their privacy policy on their website, usually at the bottom of the homepage. Businesses that sell consumer personal information must also include a “Do Not Sell My Info” link on their websites or mobile apps.
All businesses that have a website must provide an online method to submit a request, such as an email address or online form. Businesses that do not operate exclusively online must also provide a toll-free phone number. Businesses may require that you verify your identity when making a request to access or delete your personal information to match you to their records and/or to prevent fraud.
Consumers can also refer to the California Data Broker Registry, which is posted on the Attorney General’s website at www.oag.ca.gov/data-brokers. The Registry lists businesses that collect and sell the personal information of a consumer to third parties. These data brokers are required to provide information on how consumers can opt-out of the sale or submit requests under the CCPA.
Businesses Subject to CCPA:
Not all businesses are subject to CCPA. A business is subject to CCPA if the business:
Non-profits and governments are not subject to the CCPA. Some businesses and service providers may also be exempt from certain provisions of the CCPA.
Consumers’ Private Right of Action in the Case of a Data Breach:
The CCPA gives consumers a limited right to sue a business for a data breach that was a result of a business’s failure to reasonably secure certain types of personal information. It does not give consumers the right to sue businesses for other violations of the CCPA. To report a violation of the CCPA to the Attorney General, consumers may submit a complaint online at www.oag.ca.gov/report.
For more information about the CCPA, including the text of the statute and the proposed final regulations, visit www.oag.ca.gov/ccpa.
A sharable graphic on how consumers can exercise their CCPA rights is available here.