What is the CCPA?
The California Consumer Privacy Act grants California residents new privacy rights. The CCPA creates a private right of action for California residents and grants new enforcement power to the Attorney General with high damages recoverable. The CCPA grants California residents the right: (1) to know what personal information is being collected about them; (2) to know whether their personal information is sold or otherwise disclosed and to whom; (3) to say no to the sale of their personal information; (4) to access their personal information and request deletion under certain circumstances; and (5) to receive equal service and price, even if they exercise their privacy rights. It also creates a private right of action for California residents if their unencrypted or unredacted personal information is subject to certain security incidents as a result of a business’s failure to implement reasonable security. Plaintiffs may seek the greater of their actual damages or set damages of between $100 and $750 per consumer per incident. The CCPA also empowers the Attorney General to pursue cases against businesses for damages of up to $7,500 per violation for intentional violations. Whose Information is Regulated? The CCPA places restrictions on certain businesses as a means of protecting consumers’ personal information. Importantly, “consumer” for the purposes of the CCPA means any natural person who is a resident of California as “resident” is defined in tax provisions. Thus, under this broad definition, “consumer” includes: (1) every individual who is in California for other than a temporary or transitory purpose, and (2) every individual who is domiciled in California who is outside of California for a temporary or transitory purpose. Given this definition, the CCPA may arguably apply to covered entities that process even a single California resident’s personal information no matter where that entity is located. What Information is Regulated? The CCPA expands the definition of “personal information” to include any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked with a particular consumer or household. This includes information like a consumer’s name, postal address, social security number, education information, inferences drawn to create a profile about the consumer, consumer preferences, etc. The definition both encompasses and is broader than the definition of “personal information” used in California’s data breach statute. For example, it includes biometric information (e.g., imagery of the fingerprint, face, palm, etc.) collected without a consumer’s knowledge.
We at ARM do not gather, store or sell personal information. This website does not ask for cookies or anything else that tracks your visit here.