Breaking Down California’s New Data Privacy Law: Understanding the CCPA, what businesses must do, and what it means beyond California.
In less than a year, California’s new data privacy law—the California Consumer Privacy Act—is set to go into effect. Expect the measure to have far-reaching consequences: it applies to any company that does business in the state of California, whether or not the company is headquartered in the Golden State. Plus, many anticipate that similar privacy measures will be passed in other states—or possibly even at the federal level. This all means that it is important to be as familiar as possible with this new legislation.
What is the CCPA?
The California Consumer Privacy Act, or CCPA, was passed and signed into law on June 28, 2018 and is going to take effect on January 1, 2020. It has taken some cues from the European Union’s General Data Protection Regulation (GDPR), though many will be quick to point out that the two regulations are dissimilar and have different effects on consumers and businesses.
As mentioned, it applies to companies that are located in California, or those that do business in the state and collect personal information of CA residents. Companies are impacted if they meet one of the following requirements: they have an annual gross revenue of over $25 million, they share the personal information of more than 50,000 CA residents in a year, or more than 50% of the company’s annual revenue comes from selling the personal information of CA residents.
But what precisely constitutes “personal information?” Under the CCPA it is defined as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” It also includes such items as geolocation data, records of personal property, and a consumer’s interaction with a website.
What it Means for Businesses
The law applies many regulations to the collection and handling of personal data. Businesses will have new obligations. For example, companies will need to notify consumers what personal information is being collected and whether that information is sold, how it is sold, and to whom. Companies must provide consumers with an easy opt-out that lets them make a “Do not sell my personal information” request. Companies will have to comply if consumers ask that they delete all their personal data and have any third parties in possession of that data do the same. All these requests should be able to be fulfilled free of charge to the consumer.
What’s most worth noting for businesses is just how sweeping the definition of personal information is and how any company that does even a fraction of its business in California would have to meet the obligations of the CCPA. The penalties are important to be aware of: consumers can file a private lawsuit against the business for between $100 and $4,750 per incident. The law also requires businesses to pay a civil penalty that can total between $2,500 and $7,500. Needless to say, there are expensive consequences if a company violates the CCPA.
Making Plans for CCPA
California is the largest state in the Union by population and the world’s fifth largest economy, so it stands to reason that preparing your company’s data collection process to comply with the CCPA is smart. Additionally, there has been talk of other states passing similar laws, so it’s best to get out in front of the potential new wave of data collection regulations.
With our experts at Zero Parallel, there are a number of steps that we have already taken to prepare for CCPA compliance. As a company with an international presence, many of our data programs have been designed and implemented for compliance with the European Union’s GDPR—which arguably has stricter data regulations than CCPA.
Additionally, data access at Zero Parallel is limited: only employees that require access for their duties have access to consumer data. On the technical side, we provide a clear unsubscribe feature so that individuals have the ability to easily opt-out of any data collection. Plus, at Zero Parallel we have a dedicated compliance team that eagerly tackles any and all data issues. By keeping an eagle eye on data security concerns, we can feel confident in our ability to comply with CCPA and any similar regulations.
It is encouraged that all businesses take a close look at how they collect consumer data, what they do with it, and how core revenue streams might be affected by consumers who decide to opt out of having their data collected.