Welcome to 2020. The California Consumer Privacy Act (“CCPA”) is now in effect, and your business has probably spent significant time and expense preparing for the law. With so much focus on CCPA preparations, it’s important to recall that the CCPA isn’t the only California privacy law to become effective this year. California will now also require any business that meets the definition of a data broker during a given year to register as a data broker with the California Attorney General’s Office on or before January 31st of the following year. Although the law is not clear whether it retroactively applies to business practices in 2019, the California Office of the Attorney General has issued a press statement on data broker registration and posted a registration page, which strongly indicates that the AG expects qualifying businesses to register by January 31, 2020.
Under California law, a “data broker” is a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. Data brokers that fail to register with the California Office of the Attorney General may be subject to an injunction and liable for penalties of up to $100 for each day they failed to register, unpaid registration fees, and costs associated with an enforcement action brought by the AG.
For more information on the data broker registration process and how the law compares with the Vermont data broker law, visit our post on our Focus on the Data blog here.