What Does the California Consumer Privacy Act Mean for Your Business?
Effective January 1, 2020, the California Consumer Privacy Act allows any consumer residing in California to request that a company disclose all personal information it has saved on them—as well as the third parties with which the data has been shared. The law affects any organization serving California residents that has annual revenues in excess of $25 million. However, the law also broadly applies to any business that has collected personal data on 50,000 or more individuals regardless of the company’s size or location; even organizations based outside of the United States are subject to the law if they meet the above criteria. Failure to comply exposes qualifying organizations to potential litigation, even if no data breach has occurred.
Practically, one of the first major consequences of the law is that companies must offer consumers the ability to opt out of data sharing via a link at the footer of their website. If that option is not present in the footer, or if the company cannot or will not provide information on what personal data they have collected and/or how it has been shared, California consumers have the right to sue.
While compliance with the new law may initially appear burdensome to businesses, it is also an opportunity for brands to build trust with their audience. Consumers have become increasingly wary of how their data is collected and shared by organizations, and providing your audience with an easy way to request information or opt out of data sharing is a gesture of good faith that can ultimately strengthen the relationship.
Consult with a legal advisor if you are unsure whether or not your business is affected by the new law. Your organization may wish to comply even if you’re not explicitly required to do so. By increasing transparency, organizations can further a dialogue with customers and consumers based on mutual trust and respect.