With the recent passage of the Delete Act, California is continuing to raise the bar when it comes to data privacy in the United States. As the first state to pass a comprehensive privacy law, and the only one with an agency dedicated exclusively to privacy enforcement, the state has moved aggressively to fill the vacuum left by the lack of federal regulation.
While the Delete Act works alongside the California Consumer Privacy Act (CCPA), and in some ways supplements it, most CCPA-compliant businesses will not need to concern themselves with the new law’s requirements. That’s because the Delete Act has its sights set squarely on one particular type of business: data brokers.
Here is a quick summary of the California Delete Act and what it means for both businesses and consumers.
The Delete Act is a relatively short bill (especially when compared to its cousin, the CCPA), but still manages to pack a lot in. Here are its five main components.
The Delete Act only applies to data brokers, so it’s important to know what that means. A data broker is “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”
The Delete Act shares common defined terminology with the CCPA, so terms like “business,” “sell,” and “third parties” all have the same meaning as they do in the CCPA. While a lot of businesses may “sell” personal information according to the CCPA, the vast majority of them have a direct relationship with those consumers (e.g., as customers or website visitors), so they won’t need to worry about the Delete Act’s new requirements.
Businesses that fail to comply with the California Delete act are liable for administrative fines:
For larger businesses, the first fine may not be much of a deterrent (maxing out at $73,000 a year), but the second set of fines could add up very quickly. For example, if a data broker fails to delete the data of 10,000 consumers who have filed a request online, the resulting fine would be $2 million per day.
Interestingly, the amounts don’t appear to be discretionary. In other words, the statute doesn’t say the fine may be up to $200 per day, but rather that the fine is $200 per day.
Here are the Delete Act’s important dates:
Privacy compliance is more complicated than many realize, and it grows more complicated with each new law and regulation. For small and medium-sized businesses, it can be almost impossible to keep up.
TrueVault US simplifies privacy compliance across multiple state laws, so that businesses can handle it on their own. With an interface that is familiar to anyone who has done their own taxes online, TrueVault guides you through every step of the process, from onboarding vendors to handling privacy requests.
Contact our team to learn more and view a demo of how TrueVault works.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal or other professional advice. Without limiting the foregoing, the content may not reflect recent developments in the law, may not be complete, and may not be accurate or relevant in an applicable jurisdiction. This content is not a substitute for obtaining legal advice from a qualified licensed attorney in the applicable jurisdiction. The content is general in nature and may not pertain to specific circumstances, so it should not be used to act or refrain from acting based on it without first obtaining advice from professional counsel qualified in the applicable subject matter and jurisdictions.
Our attorney-designed software will step-by-step guide you through the compliance process from start to finish.
Request a Demo201 Mission Street, 12th Floor
San Francisco, CA 94105
Email: hello@truevault.com
2024 © All Rights Reserved. Privacy Policy | Terms of Use | Supplemental Terms | California Privacy Notice