What Is the California Consumer Privacy Act?
On the surface, the California Consumer Privacy Act (CCPA) of 2018 may slightly resemble the European GDPR in spirit, but the CCPA features its own unique set of consumer rights.
The CCPA’s purpose is to benefit “consumers” who, in this case, are defined as California residents. This act features four basic rights related to consumers’ personal information, which are:
- The right to know about the personal information that a business has collected about them. Additionally, the consumer has the right to know how and where the information was collected, its intended use, and whether it is being disclosed or sold, and if so, to whom it is being disclosed or sold.
- The right to “opt out” of permitting or allowing a business to sell a consumer’s personal information to any third parties. This right also addresses consumers under the age of 16 years, providing a specific “opt-in” provision for the young consumer or their parents, on behalf of their child.
- The right to have a business delete the consumer’s personal information upon request, featuring some exceptions.
- The right to receive equal service and fair pricing from a business, even when consumers exercise their privacy rights under the CCPA.
The overriding goals of the CCPA are to let California consumers know more about the data collected about them, along with putting some of the rights regarding that information back into consumers’ hands.
What Do You Need to Think About When it Comes to California Consumer Privacy Act Compliance?
One of the most important considerations for business owners is whether or not it is required to comply with the CCPA. Businesses that must comply with the CCPA include the following:
- For-profit businesses that collect and control California consumers’ personal information.
- Organizations that do business in the State of California that a) have annual gross revenues exceeding $25 million or b) collect or disclose personal information for 50,000 or more California residents.
- Businesses that earn 50% or more of their annual revenues due to selling California residents’ personal information.
Given the large population of California, as well as its massive economic presence nationally and globally, many companies do serve California residents, even if the organization is nowhere near the state. Therefore, many companies must be CCPA compliant, even if only doing limited business with customers in the state.
It is important for business leaders everywhere to learn more the CCPA to understand any possible compliance obligations.
Are There Penalties for Non-Compliance?
Enforcement of the CCPA is largely based on consumer lawsuits, meaning that consumers may sue companies if their data has been stolen or disclosed due to theft, data breach or any other evidence of negligence.
Additionally, the California Attorney General may impose a fine of $2,500 per violation to a business upon his or her independent investigation and findings of non-compliance.
What Is the Enforcement Deadline for the California Consumer Privacy Act?
Businesses subject to the CCPA must become fully compliant by January 1, 2020.
How We Can Help You Approach the California Consumer Privacy Act
Are you wondering if you need to become CCPA compliant? I.S. Partners, LLC. can help you understand all the details about this new law. We would love to assist you in developing a solid strategy to achieve and maintain optimal CCPA compliance.