Consumer personal information may be part of business assets transferred to a third party in the course of a merger, acquisition, or bankruptcy when the third party assumes control of all or part of the business. If you don't know why a company rejected your opt-out request, contact the company to ask their reasons. Nor does it appear that a company must be located in California to be subject to the CCPA. However, many companies have been concerned with how to handle the personal information of business contacts.
If you are a California resident, you can ask companies to disclose what personal information they have about you and what they do with that information, to delete your personal information and not sell it. A company that has been ordered not to sell the personal information of a California resident will be prohibited from selling the consumer's personal information. Accordingly, covered companies should carefully review their existing agreements with third party service providers who are likely to collect or process California consumer information to ensure that they include the required language. The CCPA establishes that its obligations are a matter of state interest in California and supersede and prevail over all rules, regulations, codes, ordinances and other laws adopted by a city, county, municipality, or local agency with respect to the collection and sale of a consumer's personal information by a company.
While the CCPA is not clear on this point, a company can be considered “doing business in California” if it transacts online with people who reside in California, has employees who work in California, or has other connections to the state and does not have a physical location in the state. Although the CCPA specifies that it only covers companies that “do business in California, a company” could be considered to do business in California, even if it simply operates a website where California residents can provide their personal information. A California resident is a natural person (as opposed to a corporation or other business entity) who resides in California, even if the person is temporarily out of state. If you send an opt-out request to a company's service provider rather than to the company itself, the service provider may deny the request.
The CCPA also gives California residents the right to bring private lawsuits against a company if unencrypted or unredacted personal information is subject to unauthorized access and exfiltration, theft, or disclosure, as a result of the failure to implement and maintain reasonable security by the company. Procedures and Practices. While businesses are not required to verify that the person submitting an opt-out request is actually the consumer for whom the business has personal information, they may need to request additional information from you to ensure that they stop selling the right person's personal information. Businesses must also provide a link on the home pages of their websites with the title “Do Not Sell My Personal Information”, which would allow California residents to choose not to sell their personal information.