California Consumer Privacy Act (CCPA) is in Effect: Here’s What You Need to KnowJanuary 15, 2020
A new data protect regulation will change the way your company handles customer data. Learn more about the California Consumer Privacy Act (CCPA), effective January 1, 2020.
Have you noticed a button or link at the bottom of the websites you visit saying “Do not sell my personal information”? That change is one of many that went into effect January 1, 2020 thanks to the California Consumer Privacy Act of 2018 (the “Act"). Here we dive into the Act and what other changes you can expect in coming months.
What is the CCPA?
The CCPA was signed into law on June 28, 2018 and is a state statute intended to enhance privacy and consumer protection rights for consumers. The Act intends to give users several basic rights-
- The right to know what personal information is being collected about them,
- The right to access that data,
- The right to know who it’s being sold to and
- The right to opt out of those sales.
As we covered in our blog, California Consumer Privacy Act Paves the Way for Data Privacy Regulations, Effective January 1, 2020, the Act is applicable to all “for-profit” businesses that collect and control California residents’ personal information, do business in California, and:
- Have annual gross revenues in excess of $25 million; or
- Receive or disclose the personal information of 50,000 or more California residents, households or devices on an annual basis; or
- Derive 50% or more of their annual revenues from selling California residents’ personal information.
Does it only apply to Californians?
Since the CCPA applies to any company that collects and stores data from California residents, your company may be affected even if it is located outside of CA.
These requirements will likely transform the internet for everyone. More than a dozen states including Nevada, Pennsylvania and New York have data privacy regulations similar to the CCPA planned, with more states expected to follow.
In addition, many companies are expected to extend these protections to users across the U.S. so they don’t have to worry about distinguishing who is or is not a California resident. Microsoft, for example, has made the decision to extend protections under the CCPA and the General Data Protection Regulation (GDPR) to all of its customers in the states.
CCPA compliance checklist
So, how do businesses ensure they’re in compliance?
- Check whether the CCPA applies to your business.
- Take stock of the personal data your business collects.
- Prepare to perform access and deletion requests.
- Analyze how you are sending personal information to outside entities.
- Analyze how you are sharing personal information with affiliates.
- Review vendor contracts. You may need to amend existing contracts and update standard terms.
- Discuss whether you need to modify services for customers who block sales of their personal information.
- Check to see whether your company collects data from children ages 13-15. There are special consent requirements under the CCPA when a business sells personal information of consumers under 16.
- Take a close look at your company’s data security practices and mitigate liability exposure.
- Stay abreast of CCPA updates and developments.
What are the penalties for noncompliance?
Businesses have 30 days to comply once regulators notify them of a violation, and if the company does not resolve the violation, they face a fine of up to $7,500 per record affected in the breach.
Example of CCPA button/link
Here’s what you will see on many websites:
When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Questions on CCPA and how it will impact you? Contact us