Three-Quarters of CCPA Violations Fixed within 30 Days
Seventy-five percent of the California Consumer Privacy Act (CCPA) violations reported to the California Department of Justice by residents are fixed within 30 day, according to California Attorney General Rob Bonta, who also encouraged California residents to exercise their new data rights.
The Attorney General’s office began enforcing the CCPA on July 1, 2020, six months after it went into effect. The new law gives residents of the state the right to know what personal data companies are collecting about them, whether they’re selling that data, and to whom. Residents can demand access to that data, and even request that companies delete their personal data.
The law requires companies that are subject to CCPA (mainly larger firms and those whose businesses are primarily data oriented) to address reported CCPA violations by residents within 30 days, or the “cure” period. Companies that fail to fix the problem can be fined up to $7,500 by the Attorney General’s office. Consumers themselves are eligible to collect some of that money, in some cases exceeding $750 per incident.
It’s unclear how many alleged violations the California Department of Justice has received. Attorney General Rob Bonta stated that the other 25% of businesses are currently under investigation or are still within the 30-day period.
Among the violations were:
- A car company failing to notify customers about its use of personal information among customers signing up for test drives at a dealership;
- A grocery chain failing to list a “Notice of Financial Incentive” in its rewards program;
- A social media app company failing to respond to CCPA requests in a timely manner
- And an online dating platform that didn’t have a “Do Not Sell My Personal Information” link on its homepage.
Some larger businesses have received millions of requests from residents seeking to find out what data the businesses are collecting about them, which is a new right that residents have under the CCPA. Smaller businesses are receiving on the order of hundreds of requests, Bonta’s office stated in a press release.
“Enforcement of the CCPA marks an enormous step for privacy protection in California, particularly at this time after the COVID-19 pandemic moved so much of our lives online,” Bonta stated in a press release. “We’re happy to announce that we are seeing great progress with our CCPA enforcement, but there’s more work to be done.
Bonta, who succeeded Xavier Becerra as California AG earlier this year after Becerra accepted a request from President Joe Biden to become the Secretary of Health and Human Services, encouraged residents to file more CCPA complaints.
“Plain and simple: Exercise your rights under the CCPA,” he stated. “Any Californian is empowered to opt out of the sale of their personal information online.”
Bonta also announced a new Data Privacy Protection Tool that enables residents to inform companies that they appear to be out of compliance with CCPA, such as for lacking a “Do Not Sell My Information” option on their website or app. The tool can be accessed here.
The CCPA was signed into law in 2018 by then-Governor Jerry Brown, becoming the first state law restricting what data companies can collect and how they can use it. In November 2020, California voters approved Proposition 24, which enacts the California Privacy Rights act (CPRA), which will replace the CCPA when it goes into effect on January 1, 2023.