Can I ignore my obligations as a service provider with access to personal information in California? What are the requirements?

Obligations of Service Providers with Access to Personal Information in California

As a service provider with access to personal information in California, you cannot ignore your obligations under the California Consumer Privacy Act of 2018 (CCPA) ^[2.2]. The CCPA requires that businesses and service providers that collect personal information from California residents comply with certain requirements, including:

1. Maintaining only relevant and necessary personal information ^[1.1]
2. Implementing and maintaining reasonable security procedures and practices appropriate to the nature of the information to protect the personal information ^[2.2]
3. Providing a clear and conspicuous link on the business’s internet homepages, titled “Do Not Sell or Share My Personal Information,” to an internet web page that enables a consumer, or a person authorized by the consumer, to opt-out of the sale or sharing of the consumer’s personal information ^[2.4]
4. Not requiring a consumer to create an account or provide additional information beyond what is necessary in order to direct the business not to sell or share the consumer’s personal information or to limit use or disclosure of the consumer’s sensitive personal information ^[2.4]
5. Including a description of a consumer’s rights pursuant to Sections 1798.120 and 1798.121, along with a separate link to the “Do Not Sell or Share My Personal Information” internet web page and a separate link to the “Limit the Use of My Sensitive Personal Information” internet web page, if applicable, or a single link to both choices, or a statement that the business responds to and abides by opt-out preference signals sent by a platform, technology, or mechanism in accordance with subdivision (b) ^[2.4]

Failure to comply with these requirements may result in a civil action by a consumer ^[2.2]. Additionally, any business, service provider, contractor, or other person that violates the CCPA may be liable for an administrative fine of not more than two thousand five hundred dollars ($2,500) for each violation or seven thousand five hundred dollars ($7,500) for each intentional violation or violations involving the personal information of consumers whom the business, service provider, contractor, or other person has actual knowledge are under 16 years of age ^[2.1].

Therefore, it is important that you take your obligations seriously and ensure that you are in compliance with the CCPA. If you have any further questions or concerns, it is recommended that you consult with a legal professional.

^[1.1]: Relevant and Necessary Personal Information ^[2.1]: Administrative Enforcement ^[2.2]: California Consumer Privacy Act of 2018 ^[2.4]: Opt-Out Requirements

Source(s):

• [1.1] Section 1798.14 - Agency Requirements
• [2.1] Section 1798.155 - California Consumer Privacy Act of 2018
• [2.2] Section 1798.150 - California Consumer Privacy Act of 2018
• [2.4] Section 1798.135 - California Consumer Privacy Act of 2018

Jurisdiction

California

• Privacy