Here’s How the California Consumer Privacy Act Will Affect You

By on Dec 19, 2019

On May 25, 2018, the European Union implemented a new privacy legislature called the General Data Protection Regulation or GDPR. This regulation updated European law to give EU citizens more control over their data as a result of the hyper-connected world we live in today. Then last June, California responded with its own bill called the California Consumer Privacy Act (CCPA). This bill, which goes into effect January 2020, broadens the scope of privacy rights for Californians, including data access rights and a limited private right of action. Essentially, the CCPA gives users the right to know just how companies are making money off of their data.

What are users’ new rights under the CCPA? First, businesses are required to reveal the personal data that is collected, sold, or disclosed for their business purposes. This includes informing users what categories of data were collected and how their data will be used. Second, companies are unable to discriminate against a consumer who exercises their rights under the CCPA. Third, businesses must provide users access to their data. Fourth, companies are required to delete users’ data upon request (with some significant exceptions). This includes personal data that the company might have shared with a third party. Lastly, businesses must provide the user with the ability to opt-out of the sale of their data.

That all sounds beneficial for privacy-conscious consumers, but how exactly does the CCPA define personal information? The CCPA defines personal information as any information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked with a particular consumer or household. Some examples of this type of data include a real name, user name, email address, Social Security Number, passport number, property records, biometric data, and internet activity like browsing history or IP addresses.

So, how will the CCPA be rolled out and what happens if a business violates the CCPA? Parts of this regulation will go into effect on January 1, 2020, but most will be enforced starting on July 1, 2020. According to the California legislature, if a business violates the CCPA and fails to fix the violations within 30 days, they are liable for a civil penalty. A company may be charged a maximum penalty of $2,500 per violation, or $7,500 per each intentional violation of the law that is not fixed within 30 days. If a company suffers a data breach resulting in the theft of personal information, they may be ordered to pay damages to the impacted California residents.

While California is the first large state to implement these privacy regulations in the U.S., it certainly won’t be the last. Other states have begun drafting similar bills and similar regulations will likely come into effect over the next few years; Congress also has some significant bills under consideration. As this legislation is rolled out, consumers need to be aware of their new rights to help them better protect their privacy.

Stay on top of the latest consumer and security news by following @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

About the Author


McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

  1. I live in greater Boston, MA. Does the new CCPA affect or protect me at all?

  2. As a McAfee user I am thrilled to see how far they are going to help consumers protect there personal information as well as providing us with the most resent news as to how we may keep our selves best protected from those who would like nothing more than to use our information for there own gain leaving good people in ruin. I find a lot of comfort in knowing that McAfee is working hard to protect us on the internet & off from companies that only see us as a way to increasing there own bottom line. Maybe now they might just start showing a little respect for the people who’s information they buy & sell like we are just there for their own gain. To all the good people at McAfee I say Thank You & keep up the good work.

Subscribe to McAfee Securing Tomorrow Blogs