The California Consumer Privacy Act is Now Being Enforced

On July 1, 2020, enforcement of the California Consumer Privacy Act (CCPA) of 2018 began. The CCPA took effect on January 1, 2020, and all companies covered by the Act were given a 6-month grace period before compliance with the CCPA would be enforced, although compliance with the provisions of the Act has been mandatory since January 1, 2020.

The grace period has now elapsed. California Attorney General Xavier Becerra confirmed there will be no delay to enforcement, even though dozens of requests were made by companies and trade associations asking for the grace period to be extended for a further 6 months due to the 2019 Novel Coronavirus pandemic. The requests were acknowledged, but no extension was given.

“Right now, we’re committed to enforcing the law upon finalizing the rules or July 1, whichever comes first,” said Attorney General Becerra in a statement to Forbes. “We’re all mindful of the new reality created by COVID-19 and the heightened value of protecting consumers’ privacy online that comes with it. We encourage businesses to be particularly mindful of data security in this time of emergency.”

Now that the CCPA has teeth, any violation of the CCPA from July 1, 2020 can attract a financial penalty of up to $7,500 per violation. If a company is believed to be in violation of the CCPA, a warning will be issued and the company will be given 30 days to correct the violation; otherwise, financial penalties and lawsuits may follow.

The CCPA introduced a swathe of new privacy protections for California consumers and many individuals outside of California, mirroring several of the rights introduced by the EU’s General Data Protection Regulation (GDPR). The CCPA applies to all companies that have over $25 million in annual revenue, companies that collect the personal information of more than 50,000 consumers, households, or devices, and any business that derives more than 50% of its annual revenue from selling the personal information of consumers.

The CCPA gives consumers in the state of California the right to know what personal information companies are collecting and the purpose for which data is being collected. No personal data can be collected other than the data types covered by the consent given by consumers.

Companies covered by the Act must have a banner on their website informing consumers about their rights, which include the right to opt out and not have their personal data collected. Consumers can request that all personal information collected by a company be deleted, and companies must have a process in place to delete personal information if such a request is received.

The CCPA prohibits the sale of the personal information of minors under the age of 16 without their permission, and the sale of the personal information of minors under the age of 13 is only permitted with parental consent. The CCPA also prohibits companies from discriminating against consumers who choose to exercise their rights under the CCPA.

There is also a private cause of action, so consumers can take legal action against companies over breaches of their unredacted, unencrypted personal information and can claim between $100 and $750.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.