The CCPA or California Consumer Privacy Act of 2018 is the law that aims to improve the privacy rights and consumer protection of California residents. It was created to amend sections of the Civil Code relating to personal information or personal data and declaring urgency thereof. The act became effective on the 1st of January of the year 2020 under the Senate Bill SB 1121.
As defined in this statute, personal information or personal data is information that associates, describes, identifies, links to, or relate, be it directly or indirectly to a specific person like a person's name. Other examples include:
- account numbers (code, pin, social security, or tin)
- email address,
- IP address,
- personal records (bank account, driver's license, or passport)
personal information (financial, insurance, or medical).
This bill would modify that requirement by requiring a business that collects personal information about a consumer to disclose the consumer's right to delete personal information in a form that is reasonably accessible to consumers and following a specified process.
This bill would provide that the rights afforded to consumers and the obligations imposed on any business under the act do not apply if those rights or obligations would infringe on the noncommercial activities of people and entities described in a specified provision of the California Constitution addressing activities related to newspapers and periodicals. The bill would also prohibit application of the act to personal information collected, processed, sold, or disclosed according to a specified federal law relating to banks, brokerages, insurance companies, and credit reporting agencies, among others, and would also exclude application of the act to that information under the California Financial Information Privacy Act. The bill would provide that these exceptions, and the exception provided to information collected, processed, sold, or disclosed under the Driver's Privacy Protection Act of 1994, do not apply to specific provisions of the act related to unauthorized disclosure of information. The bill would revise and expand the exception provided for medical information, would except a provider of health care or a covered entity, and would also except information collected as part of clinical trials, as specified. The bill would also clarify that the act does not apply if it conflicts with the United States Constitution.
Under the attorney general's provision, the private right of action permitted under the act is the private right of action described above for violations of unauthorized access and exfiltration, theft, or disclosure of a consumer's nonencrypted or nonredacted personal information. It would delete the requirement that a consumer bringing a private right of action notify the Attorney General. The bill would remove references to unfair competition laws in connection with the Attorney General actions described above. The bill would limit the civil penalty to be assessed in an Attorney General action in this context to not more than $2,500 per violation or $7,500 per each intentional violation. It would specify that an injunction is also available as a remedy. The bill would eliminate the formula for allocating penalties and settlements and would instead provide that all of the money be deposited in the Consumer Privacy Fund with the intent to offset costs incurred by the courts and the Attorney General in connection with the act. The bill would also revise timelines and requirements regarding the promulgation of regulations by the Attorney General in connection with the act.
To know more about this law and what it entails, it would be best to contact our California-based lawyers. They have the knowledge and experience regarding the application of this statute and other California laws.
Send us a message! We'll get back to you ASAP