#1 Firearms Compliance Program in the Country

    The GOLD STANDARD in Legal Services and Compliance Solutions for the Firearms Industry

    Become a Client NOW! Call: 1-888-335-4731

    Executive, Corporate, Group, and Installment Plans Available

    The Most Experienced. The Most Trusted. The Original.

Protect yourself, and your business. Your FFL may not be as easily replaced as you think.

WHILE U.S. BUSINESSES CONTINUE TO GRAPPLE WITH THE EU GDPR, CALIFORNIA JUST PASSED THE TOUGHEST DATA PRIVACY LAWS IN THE UNITED STATES

Throughout the months leading up to the implementation of the EU General Data Protection Regulation (GDPR) — the EU’s radical overhaul of data privacy rules and regulations — we predicted that the states would begin enacting tougher, more stringent data privacy laws. (We even predicted that California would take the lead.)  Yesterday, California enacted the California Consumer Privacy Act of 2018, which sets forth new requirements for the collection, use and sharing of personal information and disposes of a proposed ballot initiative which would have imposed substantially tougher privacy measures. Here is your “Renzulli Run Down” of several key aspects of the new law:

  • The law applies to businesses with annual gross revenues over $25 million, or that meet other defined criteria.
  • The law gives a number of rights to California consumers, including:
    • The right to know what personal information is being collected about them.
    • The right to know whether their personal information is sold or disclosed and to whom.
    • The right to say no to the sale of personal information.
    • The right to access their personal information.
    • The right to equal service and price, even if they exercise their privacy rights.
  • Like the GDPR, transparency is key under the new law. Businesses will be required to inform consumers of the categories of personal information being collected and the purposes for which that information is collected “at or before the point of collection.”
  • Businesses will be obligated to delete personal information upon request, under certain circumstances, and will be required to ensure that their service providers do the same.
  • The law also creates a private right of action for consumers, under certain circumstances, and provides for damages between $100 and $750 “per consumer per incident” or actual damages, whichever is greater.

Although the law does not go into effect until January 1, 2020, businesses need to assess existing data privacy policies and practices to ensure compliance before January 1, 2020.  Now is the time to conduct those assessments, particularly given that every business should also be evaluating existing data privacy policies and practices to determine whether the GDPR applies and, if it does, to ensure compliance. (You can read more about the importance of GDPR compliance here and here.)

IRS Circular 230 Disclosure: As required by U.S. Treasury Regulations, we advise you that any tax advice contained in this communication is not intended to be used for, and cannot be used for, the purpose of avoiding penalties under the United States federal tax laws.

Providing FFLs

Peace of Mind to Prosper

The Gold Standard in Legal Services and Compliance Solutions for the Firearms Industry