The Registration Requirement for Data Brokers Under CCPA

If you are a data broker with clients in California, you are now required to register annually with the California Attorney General’s office as part of the state’s new CCPA privacy law.

How does the law define ‘data brokers’?

According to the CCPA, a data broker is: “A business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”

The definition of ‘direct relationship’ is a little broad. According to the CCPA text, a direct relationship can be defined as:

1.    Visiting the premises or location of the business

2.    Visiting a company’s internet website

3.    Intentional interaction with a company’s online advertisements

The actual determination and interpretation of this law will be made on a case-by-case basis.

There are certain agencies that are exempt from this registration requirement. This includes:

1.    Consumer reporting agencies – covered by the Fair Credit Reporting Act

2.    Financial institutions – covered by the Gramm-Leach-Bliley Act

3.    Entities covered by the Insurance Information and Privacy Protection Act

You can complete your registration by visiting the data broker registration page.

California isn’t the only jurisdiction

While the complexities of the CCPA are not a law in Vermont, it is the only other US jurisdiction that currently requires data brokers to register with the state’s Attorney General.

Vermont enacted their own data broker law, similar to the requirements associated with the CCPA. Like California, Vermont defines a data broker as a business that doesn’t have a direct relationship with its consumers.

Vermont’s law was enacted in early 2019. The Vermont Attorney General provides examples of businesses who are not data brokers, including retailers that sell data about their customers and businesses that sell data about their employees.

Register now or pay the price

Business owners in California who are required to comply with CCPA must register with the Attorney General on or before January 31^st.

Any data brokers or list owners who fail to register before this deadline are subject to civil penalties, injunctions and costs related to actions brought by the Attorney General’s office. If you fail to meet the deadline, you be penalized $100 per day for each day that you fail to register.

As of now, all registration fees are determined by the Attorney General’s office upon registration.

Related Content:

How Do List Owners and Data Brokers Comply with CCPA?

The Basics Regarding CCPA (California Consumer Privacy Act)

The Full CCPA text

What is the California Consumer Privacy Act (CCPA)?