We're here to help Shareowners Organizations
49930EQUS CCPA Web Imagery 900X330

Countdown to Compliance: The California Consumer Privacy Act

Friday, December 20, 2019

Information security and data privacy concerns continue to be major issues for both companies and consumers. While corporations and businesses have taken steps to address concerns over the last several years, increased regulations have meant that participation is no longer voluntary. We have written about the California Consumer Privacy Act (CCPA) on this blog before, but as the Jan. 1, 2020, deadline for compliance nears, it’s important to remember what is changing and how it will impact your interactions with shareholders.

As the name of the CCPA indicates, the changes are driven by consumer privacy concerns. Essentially, the CCPA gives customers the right to know what kind of personal data is being collected by organizations and if that information is being sold or given to other entities; to opt out of this information sharing; and to request that a business delete the customer’s personal information altogether.

Additionally, consumers are provided assurances that they will not be treated differently for requesting this information, such as charging them higher prices or fees as a result. In short, the law requires companies to make it easier for consumers to take control of their personal digital information and not be punished as a result.

California law, nationwide impact

Any sizable company anywhere in the country is going to need to abide by these requirements.

Although this is a law in California, companies’ responsibilities do not stop inside this state’s borders. Any sizable company anywhere in the country is going to need to abide by these requirements.

While the CCPA is something passed at the state level, it may be wise to consider this as the beginning of a trend toward more customer-friendly privacy laws. California’s law comes on the heels of the General Data Privacy Regulation (GDPR) introduced by the European Union in 2018. Just as the GDPR provided a blueprint for California, so too could the CCPA serve as a model for other states – or even a federal law down the road.

Penalties of noncompliance

Depending on the type of violation, monetary penalties can be applied. Companies that are affected by a data breach could have to pay damages to individual consumers or be subjected to a class-action lawsuit. The state could also decide to prosecute the company criminally in egregious cases.

It is true that monetary penalties can have a punitive effect, but the cost in terms of customer trust might be far greater. High-profile data breaches draw unwanted attention to companies at a time when cyber security is more important than ever. EQ’s shareholder services continuously monitor trends and changes in regulatory compliance to ensure safe, reliable and trusted information.