SACRAMENTO, Calif. (CNBC) – This month, California enacted a law that could have big benefits for internet privacy. But some companies were left scrambling to avoid hefty fines.
California often tries to set national policy from the West Coast on auto emissions standards, or clean energy, or how to classify workers in the gig economy.
Starting January 1, it set the new standard for internet privacy. “Know that you’re going to have far more control and choice when it comes to your personal information than you’ve ever had,” California Attorney General Xavier Becerra said.
“This is a law that’s really unprecedented in the United States,” said FTI Consulting Senior Director Andrew Shaxted.
Companies doing business in California have to provide information on their homepages that state clear information on what they do with customer data, give customers a button on that homepage to opt out, and clear instructions on how you can find out what data they have on you. Violators face fines and lawsuits.
Consultant Andrew Shaxted said some companies may not realize they have to comply. “Many organizations are not going to be ready,” he said.
Under the law, any business with at least $25 million in revenue, or which holds data on at least 50,000 customers, or makes at least half its revenues from selling customer data has to obey the law. Your business doesn’t have to be based in California. You just have to have at least one customer in the state.
It’s created a mini-boom for the compliance industry. “There’s certain governmental figures that place the cost at about $50,000 dollars for compliance all the way up to $2.5 million for compliance for this one law,” Shaxted said.
Companies have been sending out emails warning Californians that change is at hand.
But Facebook is reportedly pushing back on what it has to disclose, suggesting under the letter of the law it’s technically not selling information, just sharing it.