California, you need to know about an existing law as well as a proposition that was approved in 2020 and will take effect in 2023.
California Consumer Privacy Act of 2018: The CCPA gives consumers a lot of power to dictate their privacy preferences to a business. The provisions include the right toRequest that a business disclose categories and specific pieces of personal information collected about customersRequest the source of the information as well as the business purpose for that customer informationRequest that the business delete any personal information the business may have collectedRequest to opt out of the sale of their personal information by a business (which is not allowed to discriminate against consumers for opting out)
California Consumer Privacy Rights Act: Voters approved Proposition 24, the Consumer Privacy Rights Act (CPRA), in the November 2020 general election. The CPRA will go (or, depending on when you buy this book, has gone) into effect on January 1, 2023.The CPRA expands consumer data privacy laws in three ways:Consumers can stop businesses from sharing their personal information.Consumers have the power to correct inaccurate personal information collected by a business.Consumers can also limit the use of sensitive personal information by businesses. That information includes race, ethnicity, religion, sexual orientation, specific health information, genetic data, and the consumer’s precise geolocation.What’s more, the CPRA authorizes the formation of the California Privacy Protection Agency to implement consumer privacy laws, enforce those laws, and levy fines. This new agency will also have to figure out how to interpret the portion of the CPRA that says businesses can’t keep personal information for longer than “reasonably necessary.”
Data Broker Registration: California law defines a data broker as a business that deliberately collects and sells consumers’ personal information to third parties. If you’re a data broker in California, you have to register with the state attorney general’s office every year.What this means for you as a private citizen is that if you want a list of data brokers in the state, you can access the website at https://oag.ca.gov/data-brokers. The website has links to the broker submission information, the contact email address, the broker website address, as well as a link to a list of incomplete registrations.
Colorado
On July 1, 2023, the state of Colorado added the Colorado Privacy Act (CPA) to the existing Colorado Consumer Protection Act. The CPA defines terms for covered businesses, consumers, and data, notably the term controller, as the person or group that determines how they use customer data.
As you would expect, the CPA also includes information about consumer rights and business responsibilities about using customer data. Under the law, the state attorney general and district attorneys throughout the state have the authority to prosecute violators. (For more on the specific language of the legislation, see https://leg.colorado.gov/bills/sb21-190.)
Nevada
Nevada state law requires websites to give visitors the option to opt out of having their personal data sold to third parties. The website also must give customers the ability to contact the company to request that the company not sell their personal information that has been collected.
A company can add one or more of the following three communication methods to the website:
A web page or website that allows the user to make the request, such as on a form
An email address the user can click on to submit the request
A direct phone number to the company that allows someone to verbally submit a request
Nevada added another Internet privacy law in 2021, SB260, that narrowly defines the term sale when it comes to consumer data, creates new requirements for data brokers, and adds exemptions for certain entities, like consumer reporting agencies. You can view an in-depth summary on the JD Supra website at www.jdsupra.com/legalnews/nevada-gov-sisolak-signs-senate-bill-sb-5355176.
Vermont
Like laws in California and Nevada, Vermont has a law that requires data brokers to register annually. However, data brokers need to register with the Vermont secretary of state, not the attorney general. The secretary of state website at https://sos.vermont.gov/corporations/other-services/data-brokers has information about what is and what isn’t a data broker, a link to a data broker search, and a link to the state’s data broker law.
Virginia
The Virginia Consumer Data Protection Act, or CDPA, was passed in 2021 and goes into effect on January 1, 2023. The CDPA applies to all persons who conduct business in the state and who also meet these two criteria:
Control or process the personal data of at least 100,000 consumers in a calendar year
Derive 50 percent of gross revenue from the sale of personal data as well as control or process the personal data of at least 25,000 consumers
The JD Supra website has a good overview of what the law does, how you can prepare for it, and how to handle uncertainties about implementing the law, at www.jdsupra.com/legalnews/virginia-s-new-data-privacy-law-an-8812636.
Setting Company Policies
If your business does business online, it’s common sense to have policies in place to make sure that your business is protected, no matter whether laws exist to protect you. That means you should seriously consider putting a privacy policy on your website that includes at least the following information:
What types of personal information your business collects
What information is shared with third parties, if any
How consumers can request changes to their information
How someone can opt out of having their data collected
https://termageddon.com).
But online policies aren’t just about posting a privacy policy on your website and forgetting about it. You also need to specify the terms of service for your product, service, or content.
You also need to understand how to market your business online so that you don’t run afoul of laws designed to eliminate junk email — what you probably know as spam. (It’s no longer just a processed lunch meat or a famous
