That’s thanks to the California Consumer Privacy Act, or CCPA, which the American Bar Association calls “the most comprehensive privacy legislation in the United States.”
Because most companies will likely find it difficult to create a privacy framework just for California, policymakers expect the law to affect the entire U.S.
The brainchild of real estate developer and privacy activist Alastair Mactaggart, former Gov. Jerry Brown signed the CCPA into law in June 2018.
The CCPA allows consumers to learn what information businesses are collecting about them, their devices and their children. This includes what categories of personal information they are selling, and to whom they are selling them to.
This covers an immense laundry list of personal information, ranging from name, to email addresses, property records, online shopping activities, education and employment information.
The law also lets consumers opt out of the collection. In addition, the businesses are not allowed under the law to discriminate against consumers who opt out of the collection.
It prohibits businesses from selling the personal information of people under 16.
The law applies to companies with an annual gross revenue of $25 million, those that buy or sell the personal information of 50,000 or more consumers and those that get 50 percent or more of their income from selling consumers’ personal information.
Companies must include a “do not sell my data” link that must appear prominently at the bottom of the web page. Those that do not implement adequate security practices, and let hackers steal their customers’ personal information via a data breach, can be sued. Businesses that fail to comply face fines by the California Attorney General of $2,500 to $7,500 per violation.