As of January 1, 2020, companies around the world will have to comply with additional regulations related to processing of personal data of California residents. Pursuant to the California Consumer Privacy Act of 2018, companies have to observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, as well as issue or update privacy notices to provide detailed disclosures about data handling practices.
For a general overview of the statute and its unusual history, see Lothar Determann, The California Consumer Privacy Act of 2018 – Broad Data and Business Regulation, Applicable Worldwide, IAPP Privacy Tracker (Jul. 2, 2018). Additionally, companies that become victims of cyber attacks or data theft will become exposed to statutory damages claims of up to $750 per consumer and incident under a new Section 1798.150, which the California Consumer Privacy Act of 2018 adds to the California Civil Code.
Click here to read the full article, originally published by Privacy Law Watch.