California Consumer Privacy Act and the risk to Small Business

Late last week, California passed the California Consumer Privacy Act of 2018. Effective as of January 1st, 2020, the bill is a big step up in consumer privacy.

Small Businesses, however, may be affected if they meet any of the three thresholds:

  • Has annual gross revenues in excess of twenty-five million dollars ($25,000,000)
  • Alone or in combination, annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
  • Derives 50 percent or more of its annual revenues from selling consumers’ personal information.

If your business falls into any of those three categories, here's what you need to look out for:

Data Requests

Starting in 2020, businesses will have 45 days from the receipt of a data request to give a consumer the information they have on them, free of charge. The disclosure must cover the 12-month period before the request was made, and it must be delivered by mail or electronically, at the consumer's request. Depending on the number of customers and prospects your business has on file, requests can be time-consuming and expensive.

Website Notice

Businesses will be required to “provide a clear and conspicuous link on the business’ Internet homepage, titled ‘Do Not Sell My Personal Information…'”. This link must lead to a web page that allows any consumer to opt out of the sale of their personal information by your business. The web page must also describe Section 1798.120 of the bill, which means a lot of web developers will be copying and pasting this:

1798.120.

(a) A consumer shall have the right, at any time, to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information. This right may be referred to as the right to opt out.
(b) A business that sells consumers’ personal information to third parties shall provide notice to consumers, pursuant to subdivision (a) of Section 1798.135, that this information may be sold and that consumers have the right to opt out of the sale of their personal information.
(c) A business that has received direction from a consumer not to sell the consumer’s personal information or, in the case of a minor consumer’s personal information has not received consent to sell the minor consumer’s personal information shall be prohibited, pursuant to paragraph (4) of subdivision (a) of Section 1798.135, from selling the consumer’s personal information after its receipt of the consumer’s direction, unless the consumer subsequently provides express authorization for the sale of the consumer’s personal information.
(d) Notwithstanding subdivision (a), a business shall not sell the personal information of consumers if the business has actual knowledge that the consumer is less than 16 years of age, unless the consumer, in the case of consumers between 13 and 16 years of age, or the consumer’s parent or guardian, in the case of consumers who are less than 13 years of age, has affirmatively authorized the sale of the consumer’s personal information. A business that willfully disregards the consumer’s age shall be deemed to have had actual knowledge of the consumer’s age. This right may be referred to as the “right to opt in.”

Data Breach Fines

If your business suffers a data breach, and it is determined that you failed to implement and maintain reasonable security procedures and practices, your business may face the following:

  • Damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.
  • Injunctive or declaratory relief.
  • Any other relief the court deems proper.

So for example, a data breach that involved only 1,000 users could potentially cost a business $100,000 to $750,000.
