ACMA’s Privacy Resource Page


Online, catalog and direct merchants collect customer transaction data and PII (personally identifying information) to facilitate direct transactions and meet consumer expectations. This enables retail outlets to remember their order history and shipment or billing particulars. Such merchants hold the trust and confidence of their customers paramount and will not do anything that may damage that trust. To preserve our ability to operate across the nation, merchants need clear federal privacy legislation, not 50 (or more) different approaches as many states follow California’s lead in adopting their own privacy laws.

General Data Protection Regulation (European Union): The GDPR dictates how consumer data can be collected, analyzed, transferred, and stored, requiring businesses that work with EU citizens’ data to follow required practices or face penalties. Implemented in May 2018.

California Consumer Privacy Act (CCPA): Similar to GDPR, the CCPA also outlines how businesses can collect, store and transfer consumer data from Californian residents. CCPA enhances privacy rights and consumer protection for residents of California. Passed by the California State Legislature and signed into law in June 2018. Went into effect in January 2020. In November 2020, California voters passed Proposition 24, the California Privacy Rights Act (CPRA), which amends and expands the CCPA.

Other State-Level Privacy Legislation Of Note: