On June 28, 2018, the Governor of California, Jerry Brown, signed a new law. The law that added about 10,000 new words to the California Civil Code. According to the California Consumer Privacy Act of 2018, From 1st January 2020, all the companies that have the residents of California working for them will have to comply to the additions made in the law. These additions are related to the processing of personal data of the residents of California. Companies that hold the data of California residents will have to keep in mind the privacy restrictions. The California Consumer Privacy Act of 2018 is probably one of the most strict privacy laws in the US political history.
The people of California working in such companies will have full control over what data are they sharing with the company. They can ask for any modifications in the data, delete any wrong details and also prevent it from going to any third party. They can even ask for any additional policies for their safety.
It is said that the law is somewhat similar to the General Data Protection Regulation (GDPR) by the European Council. Both of these laws focus towards the safety of their residents and protect their information.
Each and every company that has the data of more than 50,000 people and operates in California will have to follow this lay at any cost. Any company failing to do so will have to suffer a fine of $7,500 for each person. That may sum up to a huge amount keeping in mind the total number of people covered under this act.
The opposition by The Internet Association to California Consumer Privacy Act of 2018
The Internet Association is a major association of the big internet companies. It’s vice president of state government affairs, Robert Callahan, said in a statement that the law should have been passed after some general public discussion. The policy for data regulation is a complex one and will affect all the major economic sectors, including internet.
He also added to his statement that such a rush decision will have compliance complexities in California. He is quite clear with his point here. In February 2017, this bill was first passed but was later made inactive in September. Later in a quick process, the same bill became active on June 21 through some unanimous votes in the State Assembly and Senate.
Why was the whole process so quick?
Earlier when Proposition 13 was passed, it was the decision of a ballot voting. Any decision taken on ballot basis is always hard to change. According to The Register, it is said that two political men from States were thinking of ballot voting for this law to be passed. Thus only 2 options were left with the technology experts. They either let the ballot voting take place with a risk of not being able to change it easily later on. Or they could let the law pass so that ballot can be avoided. If ballot voting would have taken place, it would have become difficult to pass the bill later on.
The two people got what they wanted and the legislature and Governor Brown avoided the ballot voting process.
What can you do to survive The California Consumer Privacy Act of 2018?
If you have a business in California or are selling your customer data to some third party, you have to be cautious. You should add a link with a disclaimer “do not disclose my personal details” to your website. This government may take this law later in the future, but for now, you have to prepare yourself to deal with it.
Review all the data you have. Make sure it is accurate and up to date so that you do not have any last minute regulations to follow. Remove all the old data. You can prepare all the data privacy rules in a documented format. This way everyone one dealing with the data can be notified of new laws.
The companies also can hire a professional data protection company that has better knowledge of all this. If you decide to work on these privacy regulations on your own, it might become complicated for you. Thus, hiring a professional can be a good option.
Under this law, any user can demand the details on their information you have. Your company has to provide it free of cost within 45 days of their demand. If you get a notice to comply with the law, you should respond within 30 days. Have complete information of where and how are you storing all the data.
The law still has a long time to be active i.e. January 1, 2020, and anything can happen within this course of time. Prepare your self completely to avoid any last minute rushes and compliances.