So while the California Consumer Privacy Act of 2018 won’t take effect until 2020 (or later depending on when the regulations are issued), when it does go into effect, part of it will require companies who are subject to the act to have kept records of the data collected within the 12 months prior to the effectiveness of the act. This seems a little retroactive in application and its questionable legally of how this will be enforced, but any companies that are doing business in California should be cognizant of the application and time periods here and should have a procedure in place to track what is being collected and from whom. Additionally when the Act does come into effect, the companies will have to inform California consumers about the data that has been collected, how it was used, especially if it was sold to or shared with third parties. Having a procedure in place to track it now is important.
Tag: CA privacy law
The California Consumer Privacy Act of 2018
So the wave of privacy laws originating in Europe has hit the United States. On June 28, 2018, the California Consumer Privacy Act of 2018 was signed into law (referred to in this post as the “Act” or the “Law”). It is both similar to, and distinct from, the GDPR. Companies should absolutely not assume that if they are GDPR compliant, that they would also compliant with the California law. The California law has broad out of state reach and violations carry serious monetary penalties, including actions from the Attorney General of the State of California, or individuals (either separately or as a class action). Companies should make sure they are out in front of this law. The date the Act is set to take effect is January 1, 2020. Read more