From the start of this year, the US has a new high water mark for privacy regulation. The California Consumer Privacy Act (CCPA) has come in to effect, and it can apply to entities located outside that state.
In summary, if you are a for profit entity with revenue of more than US$25 million which does business in California and collects the personal information of consumers in that state, you will need to comply with the new law. “Doing business” does not require a physical presence in the state.
The CCPA concept of “personal information” is broader than the definition in the Australian Privacy Principles, extending to information that “is capable of being associated with, or could reasonably be linked” with a person residing in California. The concept also applies to purchasing histories and tendencies, browsing histories and search histories.
If the CCPA applies to your business, you must disclose the following when you collect personal information:
Plus, you must offer an “opt out” from the sale of the consumer’s information.
Author: Dan Pearce
The information in this publication is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, we do not guarantee that the information in this newsletter is accurate at the date it is received or that it will continue to be accurate in the future.