On 1st January 2020, the California Consumer Privacy Act, or CCPA, comes into effect in the US state of California. It applies to any for-profit entity doing business in California, that meets one of the following:
- Has a gross revenue greater than $25 million.
- Annually buys, receives, sells, or shares the personal information of more than 50,000 consumers, households, or devices for commercial purposes.
- Derives 50% or more of its annual revenues from selling consumers’ personal information.
The law also applies to any entity that either:
- Controls or is controlled by a covered business.
- Shares common branding with a covered business, such as a shared name, service mark, or trademark.
In addition, parts of the CCPA apply specifically to service providers and third parties.
CCPA requires companies to identify all personal information they hold on their customers, as well as how they sourced that information. They must provide and publicize unsubscribe links on company communications, as well as delete personal data if the customer demands it.
B2B marketing activity is covered by the CCPA, although B2B companies do not have to comply with some parts of the act until 2021. The maximum penalty granted under the CCPA is $7,500 per violation, if the violation is found to be intentional.
For information on International Opt-In legislation – click here.
Thanks to our friends at Cognism for much of the legal content.