Mitigating the Impact of the CCPA, Corporate Compliance Insights
By Katherine Catlos, CIPP/US, CIPM with co-author Jack Hakim, CEO EC Wise l October 25, 2019
5 Things to Know About the California Consumer Privacy Act
With the CCPA going into effect on January 1, Kaufman Dolowich & Voluck partner Katherine Catlos and EC Wise CEO Jack Hakim outline key facts about the California legislation and discuss how companies can mitigate the risk of noncompliance.
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is the most comprehensive privacy law passed in the United States. It’s not just that there are new consumer rights associated with personal information (PI) and more severe penalties, but the definition of PI is very broad. The CCPA defines PI as any “information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular consumer or household” (Cal. Civ. Code §1798.140(o)).
California’s expansive definition of PI includes:
- Personal identifiers;
- IP addresses;
- Commercial information, including records of personal property, products or services purchased, obtained or considered or other purchasing or consuming histories or tendencies;
- Internet or other electronic network activity information;
- Professional or employment-related information; and
- Any consumer profile inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.