Facebook. Yahoo. Equifax. Millions of consumers have seen time and again that companies they trust have acknowledged their personal and financial information, that data has been hacked, stolen or otherwise used without their permission.
But California's new Consumer Privacy Act has been adopted This week, consumers will be given unprecedented power to protect their data and hold companies accountable for violations, subject to an electoral initiative.
Here's how the new law will affect your online life.
Q Do I just have these new protections?
A Not yet. The law will only enter into force on 1 January 2020. That seems to be a long way off. But the law was driven by an initiative drawn from the vote in November, which would only have been in effect six months after its adoption. The law gives companies about six months more to comply with than they would have done if the initiative were to be adopted.
Q What rights do I have under this new Privacy Act?
A The new law guarantees the right to know what information is collected about you, including the rights to access, download or transmit your information. It gives you the right to deny companies the sale of your data. It gives you the right to force companies to delete private data that they have collected from you. It prohibits the sale of data about children without their consent. Businesses generally can not penalize consumers who exercise their rights under the new law. And there are companies liable for violations and data breaches
Q Can not I ask companies to tell me what they are getting from me and excluding them from the sale?
Q Are children covered by the new law?
A The 1998 Federal Law on the Protection of the Privacy of Children already applies to children under the age of 12. It requires parental consent, with limited exceptions, before personal information is collected online from children, and allows parents the right to see the collected information about their children and have them erased. The new California law adds another layer that requires children under the age of 16 to consent to the sale of their online data.
Q Are there provisions of the new law elsewhere?
A This new law contains some concepts from the General Data Protection Regulation of the European Union, which came into force in May. This includes the right to access and transfer your information – for example, to another social media or e-mail provider – and to force companies to erase the information you collect. Q No companies are required to protect my online data and violations
A Under current law, companies must take reasonable steps to protect your personal information. The new law gives you the right to claim damages for unauthorized access, theft or disclosure of your data.
Q OK, I've been notified that my data has been violated. How do I get justice under this new law?
A If you lose money as a result of the breach, you can file a lawsuit to cover these costs. If you're still unsure, you can notify the company of violations that trigger a lawsuit in which either you or the attorney general can file suit. The new law gives the company the opportunity to remedy the violation. If this is not possible, the consumer could file suit and inform the Attorney General. The Attorney General could then either take over the case, allowing private lawsuits to continue or block them if they are considered frivolous.
Q What can I do if I think a company is not? meet other new requirements, such as data that has been collected about me or that can exclude me from the sale?
A Tell the company that you are breaking the law and inform the Attorney General. The state will be mandated over the next 18 months to develop an easy way for consumers to report suspected violations to the Attorney General.