By: Christian Batallas, Member-Candidate, J.D. Candidate, May 2020, St. Thomas University School of Law.

On June 28, 2018, Governor Jerry Brown signed into law the California Consumer Privacy Act (CCPA). This revolutionary privacy regulation is the most extensive and comprehensive privacy regulation to date will come into effect January 1, 2018.  The ”CCPA” now grants consumers the right to know what specific personal data companies are collecting, how it is being used, the right to access the information, delete it and even be able to opt out of a “sale” of the collected information. Violation of this regulation by corporations can result in fines of up to $2,500 per violation or $7,500 per intentional violation. Furthermore, in an effort to protect the youth, the regulation will now prohibit companies from knowingly selling the personal information of any individual under the age of 16, unless consent is granted. In the case of 13-year-old’s, parental or guardian authorization will be needed. Additionally, the act has also broadened the definition of “personal information”. Under this new definition, any information that can reasonably be associated with an individual will now constitute as private information.

Although this regulation’s scope is limited to corporations engaged in business in California and only protects California’s residents, this sets precedent for broader regulations in the future.  In fact, Rob Perry, VicePresident of product marketing at ASG Technologies states that: “Already, Georgia is working on its own privacy legislation. As organizations face more and more regulations, it’s essential that marketers understand the ins and outs of each regulation and adjust their tactics and strategies to be compliant.” It is inevitable for other states to follow suit, and as a result, this may finally end the corporate tyranny of personal information dealings.