The California Consumer Privacy Act of 2018 (CCPA) is a landmark law that secures privacy rights for California consumers, gives them control over the personal information that businesses collect about them, and provides guidance on how to implement the law.
According to CCPA requirements, personal information includes data that can identify a person in any particular way, such as:
- Identification information: name, surname, alias, address, passport number…
- Web data: IP address, search history, e-mail address…
- Commercial data: personal property information, products and services purchased…
- Biometric data
- Information regarding employment
Businesses that gather personal information about their customers should be familiar with the EU General Data Protection Regulation (GDPR), the law that regulates personal information rights in Europe. GDPR brought substantial changes to the whole customers’ personal information gathering, processing, and storing regulations and protection laws, for instance having websites display the warning about cookies, as well as a necessary data protection agreement, and more.
CCPA has some resemblance to EU’s GDPR, however, there are some crucial differences:
Personal data– GDPR seeks to cover publicly available information, while CCPA does not, meaning that this law does not include data from government records. Furthermore, GDPR protects healthcare information, including data from EHR systems and other software, while CCPA does not cover medical records because of the Confidentiality of Medical Information Act in place.
Industries– GDPR compliance is bound by law for all organizations that collect, process, and store personal information about EU citizens, while the CCPA is only appliable for businesses that have revenue above $25 million.
Transparency– According to both GDPR and CCPA, organizations are obliged to reveal the type of collected personal data and how it is used. The only difference is that CCPA requires the companies to provide this information only for the last 12 months, while by GDPR no timeframe is defined.
Penalties– The fine for GDPR rules violation is up to 4% of annual turnover or 20 million EUR, depending on which amount is higher. Penalties for CCPA violation are a $7,500 fine and $750 per person whose information was not collected in CCPA compliance.
Business types that are affected by CCPA:
CCPA rules apply to any company that uses and processes the personal information of California citizens, regardless of the location of the company (e. g. e-commerce, financial field, etc.).
Some of the businesses that need to comply with the CCPA regulations necessarily are listed below:
- Businesses with an annual revenue that is more than $25 million
- Companies purchasing, selling or sharing the personal information of more than 50, 000 clients, including households, and devices.
- Businesses that get at least 50% of their annual revenue from selling personal information of their customers.
CCPA Consumer rights:
According to the California Consumer Privacy Act, there are some new client rights for California residents in place.
THE RIGHT TO KNOW- It is a consumer’s right to know what kind of personal information is collected exactly and for what purpose, as well as the right to seek the personal information collected in the last 12 months from the company.
THE RIGHT TO ACCESS- California consumers have the right to access the collected data by the company, usually by category (name, phone number…), any specific part of the information, the commercial aim for data collection, and more.
THE RIGHT TO OPT-OUT- All users have the right to prohibit the selling of their personal information and should be notified about this right in time (e. g. by a popup bubble) should a company plan on selling their personal data. Additionally, all users have the right to ask for their personal information to be deleted, however, some exceptions and limitations are in place (for instance, if the information is required to complete a transaction…).
THE RIGHT TO EQUAL SERVICE- All users should be provided equal quality for the same price.
There are some crucial steps one should undertake to get a business prepared to avoid penalties and violations. Here are some useful tips on how to make your business compliant with the California Consumer Privacy Act:
- Determine whether the CCPA applies to a certain business type
Regardless of the actual location of a company, if California residents’ personal information is gathered for any purpose, the CCPA applies. Also, it is highly possible that other governments (such as the states of Nevada, Texas, and New York firstly) will follow similar regulations.
- Determine what kind of data is collected and for what purpose
CCPA provides a broad definition of what kind of information is considered to be personal information. Customers have the right to know the purpose of collecting their personal data and the reason for collecting it should be transparent.
- Consumer rights
According to the CCPA, there are some new consumer rights in place, such as the right to restrict selling one’s personal data. These new regulations should be studied carefully and strictly followed.
- Keep the Homepage up to date
In accordance with the CCPA, all consumers are needed to be notified about the possibility of their personal information being sold and should be given the opportunity to prohibit such selling from the website.
- Assign a CCPA compliance assessor
It is highly recommended to consult and have a professional in the team in order to ensure a business’ compliance with all the CCPA requirements, make any adjustments needed and eliminate any possible issues.
As CCPA is gradually affecting different kinds of businesses by providing improvements to the data protection processes, it is really important to meet all the legal requirements and consumer expectations.
Some of the benefits of complying with CCPA:
- Noncompliance is expensive: There are high fines in place for not following CCPA regulations. The fine for unintentional violation is $2,500 and $7,500 for an intentional one and an additional $750 for each affected individual.
- Customer trust: Customer’s trust is increased if known that their personal information is reliably secured.
Finally, CCPA is an essential data protection law that was put in place for securing the collection, processing, and use of personal information. Complying to it leads to a higher level of consumer trust in the first place, by enabling customers to control the use of their personal information.
Coreware can help you with all your CCPA questions and requirements. Please feel free to reach out by filling out our contact form or emailing us at firstname.lastname@example.org