If your company has been ignoring the European Union’s new General Data Protection Regulation—maybe because you believe your meetings are unlikely to have European attendees or because enforcement seems unlikely—there’s a new reason to make data protection a top priority: On June 28, California passed the California Consumer Privacy Act of 2018, which will give people more control over how their personal information is collected and used.
The new law, which goes into effect in January 2020, will give consumers the right to know what information is being collected about them, the business reasons for which it’s being collected, and the types of third parties it will be shared with. Like with GDPR, the law will allow people to opt out of having their personal sold and will give them the right to request that all of their personal information be deleted. The bill has given the state’s attorney general more authority to fine companies that don’t adhere to the new regulations.
The law applies to California companies as well as organizations doing business in California, but one important difference from GDPR is that the regulations only apply to large corporations and associations. To be regulated under the new law, an organization must meet any one of these three requirements:
• has annual gross revenues over $50 million
• sells personal information for 100,000 people or more annually
• derives 50 percent or more of its annual revenues from selling personal information.
Another difference is that under GDPR, fines and penalties for data misuse are not insurable. In California, however, insurance policies that cover data misuse and breaches are legal so companies should consider updating both their data handling policies and insurance contracts.
In an article on Hotel News Resource, Bob Braun, a senior member of JMBM’s Global Hospitality Group, says, “it is clear that [the law] has the potential of impacting companies throughout the nation. Just as California’s initial breach notification act, adopted in 2002, radically changed the privacy landscape, the California Consumer Privacy Act of 2018 is likely to have as important an impact.”