Keesal, Young & Logan’s Stacey Garrett does a deep dive into how organizations can be preparing for the California Consumer Privacy Act (CCPA), going into effect on January 1, 2020.
In June 2018, California broke new ground when it was the first state in the nation to enact a comprehensive data privacy law. The new law, called the California Consumer Privacy Act, was fueled by a national debate over who owns an individual’s personal information: the individual, or the business that collected it. California lawmakers answered that question by giving consumers significant new rights to control their personal information and by requiring that businesses covered by the CCPA be transparent about how they collect, use and share that information. The CCPA takes effect on January 1, 2020. Experts estimate that the CCPA will apply to more than 500,000 businesses in the United States.
“Personal Information” Covered by the CCPA
The CCPA has one of the most expansive definitions of “personal information” on the planet. It includes not only the traditional categories of personal information (such as an individual’s name, social security number and driver’s license number), but it also includes more unusual categories such as a person’s internet protocol (IP) address, alias, geolocation data,…