As of July 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) is now enforceable by the Attorney General of California.
Businesses in violation of the CCPA will be notified of non-compliance and given 30 days to cure the violation(s). Failure to do so may subject the business to an injunction and a civil penalty of up to $2,500 for each violation or $7,500 for each intentional violation.
The CCPA protects the data privacy of personal information of California consumers. It applies to any for-profit entity that:
- does business in California (even if not located in California);
- collects or processes California consumers’ personal data; and
- meets at least one of the following thresholds:
- has annual gross revenues in excess of $25 million; or
- buys, receives, sells or shares the personal information of 50,000 or more consumers, households, or devices; or
- earns 50% or more of its annual revenue from selling consumers’ personal information.