On June 28, California Governor Jerry Brown signed AB 375, the California Consumer Privacy Act of 2018, intended to protect consumers’ private data. When it goes into effect in 2020, the law will give consumers the right to request all the data businesses are collecting on them and the right to request that businesses don’t sell any of their data. The law also comes with strict disclosure rules about data collected by businesses, and it empowers the California Attorney General to fine businesses for non-compliance.
To comply with the act’s requirements, businesses must make two or more designated methods available to consumers for submitting requests for information, including a toll-free telephone number and a website address.
The act will apply to for-profit entities that do business in California and meet the following criteria:
- Have annual gross revenues over $25 million;
- Alone or in combination annually buys, receives, sells or shares for commercial purposes the personal information of 50,000 or more consumers, households, or devices; or
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information, which is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household."