The California Consumer Privacy Act (CCPA) went into effect earlier this year, which means that if you don’t already know about it, it is time to find out and ensure that your business is compliant with its demands. The CCPA is a large bill and covers a lot of data, which makes CCPA compliance a daunting task. That said, it is completely necessary for the protection of internet consumers, so businesses need to take compliance seriously. If you are a new business owner, don’t worry: below you will find all of the information about the CCPA and what you need to know to be compliant.
The CCPA is a relatively new bill, which means not everyone will have heard of it. If you haven’t, then you may be wondering, “What is the CCPA?” The California Consumer Privacy Act is a California data privacy law that is meant to protect consumers from large corporations that collect data on them and then sell that information for their own gain.
If you are a resident of California then, because of the CCPA, you are allowed to demand a list of all information that a company has gathered on you and who it has been shared with. If you find that your privacy was violated by that company then you are within your rights to sue them, whether there was a breach or not.
This makes it much riskier and more time-consuming for businesses to collect data on their customers and will, hopefully, result in less data being collected overall. I can’t speak for everyone, but I am in no way comfortable with the idea of any company I come into contact with collecting personal information on me and using it for their own purposes. Any law that makes that more difficult I consider to be a good one.
Who Is Required To Comply?
If a business receives $25 million or more in revenue per year and serves California residents, then it is beholden to the California privacy act, but that is not the only qualifier. If a company has collected the personal data of, at minimum, 50,000 people, or if more than 50% of its annual income comes from selling personal data, then it is also required to be compliant with the CCPA.
Where the company is based does not affect whether it must be compliant with this law. If it meets any of these criteria, then it must be compliant with the CCPA.
If my business isn’t located in California, why should I worry about compliance?
Businesses that operate in California must comply with the CCPA requirements whether they are based in California or not. This California privacy law even affects international businesses that aren’t based in the United States.
If your business collects data on consumers who are residents of California, then you are beholden to the CCPA and must be compliant. If you are not, then you will face the consequences outlined in the CCPA whether you are based in California or not.
If you are an online-based company, then it is best to avoid the possibility of a problem occurring and just ensure that you are compliant with the CCPA compliance checklist regardless of whether you operate in California or not.
When does the law go into effect?
The California privacy law went into effect on January 1st, 2020, but it will not be enforced until July 1st, 2020. The law was signed in June of 2018. This means that businesses that operate in California had over 2 years to ensure that they fully understand the CCPA and have become compliant with its demands. This seems like more than enough time, especially considering the seriousness of consumer privacy and the lack of attention it is paid.
Identity theft is a rampant issue in the United States and it is laws like these that help to protect the average consumer from having their personal information used against them.
What kinds of disclosures are qualifying companies required to provide under CCPA?
The CCPA requires that a company disclose all information regarding the personal data they have collected on an individual. This includes the categories of personal information they have collected and the sources of that information, the reason they are collecting that data, who that information is shared with, which third parties that data has been sold to, and every specific piece of information about you that has been collected.
This means that, if you are a resident of California, you can demand to know all of this information at any time and a company that is beholden to the CCPA will have to comply with that demand. If they do not comply, then you are within your rights to sue them for mishandling your data.
How does the CCPA define PI?
The CCPA is very broad in its definition of personal information. It covers a lot of different types of data and they are mostly common-sense things. Your name, the addresses of your work or home, any telephone number you have, your email address, the number of your passport, your national ID card, your SSN, a state-issued driver’s license in your name, your medical information, and psychological, genetic, or cultural information about you are all covered by the CCPA’s definition of personal information regarding your identity.
That is not all that is covered by the CCPA. Your banking information, tax filing number, credit card numbers, and your posts on social media are also covered under financial information. Then there is your online information which also includes posts on social media platforms as well as your IP address, your location, and site cookies. Any of this information is considered Personal Information (PI) by the CCPA.
Third-party risks increase with new privacy regulations
As new privacy regulations are put into effect, it becomes riskier for businesses to interact with third parties because, if they are not careful with the data they have collected, they could face heavy consequences for failing to comply with those regulations.
Understanding how these new regulations work and how to be compliant with them should become a primary consideration for any business that collects user data. Such businesses should be extremely careful about which third parties they interact and share data with.
Finding the upside of new privacy rules
The main upside of new privacy regulations is that they are another step forward in the fight against identity theft and provide protection for everyday people who use the internet. Few people want to have their information collected by companies and then sold to whoever will pay them; laws like this make it much more difficult for things like that to happen. Unfortunately, they do make it more difficult for businesses to operate, but that is a price worth paying for the majority of people.