Things that Business Owners should know about California Consumer Privacy Act
Beginning January 1, 2020, a new Consumer Privacy Act will be implemented in California. The California Privacy Act is a very comprehensive privacy protection measure similar to the General Data Protection Regulation (GDPR) implemented in the European Union in May 2018.
This is because consumers' rights on their personal information will be more protected, while businesses will be limited in using consumers' personal information to a certain degree. GDPR is a privacy protection law based on the principles of privacy by design and privacy by default. If a company sells a new product or service, it is required to consider the protection of personal information from the design stage and to collect and store only the personal information necessary to provide the service. The California Privacy Act is similar. They have the right to ask consumers to remove personal information or not to share information. By collecting personal information by default and opting out of the consumer, collection is possible only when the consumer wants it, rather than stopping the collection. Furthermore, if the user does not allow the collection and use of personal information, the quality of service should not be lowered.
However, the GDPR does not include personal information portability right, the obligation to inform the regulatory body within 72 hours of a data breach, the obligation to designate a Data Protection Officer (DPO) if there are more than 250 employees, the obligation to enter into a Data Processing contract with a personal information provider. Further, the California act does not include the specific implementation measures stipulated by the GDPR, such as the obligation to document treatment records. On the other hand, technology companies such as Google and Facebook, as well as small businesses, are required to disclose what information the company collects, what purpose it is collecting, . In addition, the company might be sued by who have suffered data leakage due to failure of security and data breach incidents to individual consumers, and will be required to compensate for up to $ 750. California legislation does not contain specifics about the amount of fines imposed on each person for separate litigation. For reference, GDPR will be charged at 4% of global annual sales or € 20 million.
The California Privacy Act is not as extensive as the GDPR and has not yet established a penalty threshold, but it is the most comprehensive and powerful of the privacy laws enacted in the United States. California, with Silicon Valley, the heart of IT companies such as Facebook, the most populous state in the United States and a recent personal information issue, has enacted strong privacy laws that will change the way companies handle data in the future . Of course, this is not the only case in California. Even if you are located outside the United States, you will need to comply with this measure if you are dealing with personal information in the course of selling or providing services to consumers in California.
This is because consumers' rights on their personal information will be more protected, while businesses will be limited in using consumers' personal information to a certain degree. GDPR is a privacy protection law based on the principles of privacy by design and privacy by default. If a company sells a new product or service, it is required to consider the protection of personal information from the design stage and to collect and store only the personal information necessary to provide the service. The California Privacy Act is similar. They have the right to ask consumers to remove personal information or not to share information. By collecting personal information by default and opting out of the consumer, collection is possible only when the consumer wants it, rather than stopping the collection. Furthermore, if the user does not allow the collection and use of personal information, the quality of service should not be lowered.
However, the GDPR does not include personal information portability right, the obligation to inform the regulatory body within 72 hours of a data breach, the obligation to designate a Data Protection Officer (DPO) if there are more than 250 employees, the obligation to enter into a Data Processing contract with a personal information provider. Further, the California act does not include the specific implementation measures stipulated by the GDPR, such as the obligation to document treatment records. On the other hand, technology companies such as Google and Facebook, as well as small businesses, are required to disclose what information the company collects, what purpose it is collecting, . In addition, the company might be sued by who have suffered data leakage due to failure of security and data breach incidents to individual consumers, and will be required to compensate for up to $ 750. California legislation does not contain specifics about the amount of fines imposed on each person for separate litigation. For reference, GDPR will be charged at 4% of global annual sales or € 20 million.
The California Privacy Act is not as extensive as the GDPR and has not yet established a penalty threshold, but it is the most comprehensive and powerful of the privacy laws enacted in the United States. California, with Silicon Valley, the heart of IT companies such as Facebook, the most populous state in the United States and a recent personal information issue, has enacted strong privacy laws that will change the way companies handle data in the future . Of course, this is not the only case in California. Even if you are located outside the United States, you will need to comply with this measure if you are dealing with personal information in the course of selling or providing services to consumers in California.
Comments
Post a Comment