Effective on January 1, 2020, the California Consumer Protection Act (CCPA) will have a significant effect on business privacy activities across all technological, media and entertainment, as well as telecommunication sectors.
Regarded as the most stringent privacy law in the US, CCPA gives residents of California the privilege to oversee how companies handle their data. For this reason, once the CCPA is implemented, businesses in the state will be required to honor data subject requests for access, deletion, and opting out of the sharing or sale of their information.
In this article, we answer the five questions business owners frequently ask about CCPA compliance.
- Who Does CCPA Apply To?
This law targets for-profit enterprises that gather and control personal data, operate in California, and satisfy at least one of these thresholds;
- Post yearly gross revenues of more than $25 million
- Receive or reveal the personal data of 50,000 or more California residents, households, or gadgets annually
- Generate 50% or more yearly turnover from selling personal information belonging to residents of California.
In this context, it is important to note that non-profit organizations, and smaller firms that do not satisfy turnover thresholds, or those that do not transact large amounts of personal data from residents of California and don’t share a brand with an affiliate that is covered by the CCPA will not be obliged to comply with this law.
- Do I Need to Comply with CCPA if my Company is not located in California?
Essentially, if you do business with residents of California, and satisfy the threshold requirements, it is crucial to examine whether you collect personal information from them. If so, your business is subject to CCPA requirements irrespective of its location. The scope of the CCPA is secured to the residency of the consumer in that its objective is to safeguard the rights of residents in California.
- When does the Enforcement of CCPA Begin?
CCPA is scheduled to come into effect on January 1, 2020. Once it is implemented, consumers will have the right to request that a company reveals specific pieces of data for the preceding year that the business has collected or processed about the subject.
Additionally, consumers can demand to know whether this information was sold or shared with a third-party. This point implies that businesses should have records from as early as January 1, 2019.
Nonetheless, it is crucial to take into account that the California Attorney General will delay enforcement actions for six months after the law comes into effect.
- What is Personal Information under the CCPA?
The description of personal information under this regulation is broader compared to other privacy-related laws in the US. Under the CCPA, personal information refers to; ‘information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.’
The standard examples of personal information include social security and driver’s license numbers, as well as unique personal identifiers such as device identifiers and online tracking technologies, among others.
However, publicly available data such as property tax information from federal records are excluded from the scope of CCPA. This law also excludes aggregated data, as well as medical or health information gathered by an individual or entity controlled by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
- What type of Disclosures do Impacted Businesses need to Make?
Under CCPA, businesses should come up with detailed privacy policies that are presented to consumers when personal data is gathered. These policies should comprise;
- How their information is collected
- How their information is used
- The categories of personal information the business has sold to third parties in the preceding 12 months.
CCPA will also oblige companies to publicly reveal and make customers aware of the existence and nature of their privileges under this law. The privileges include;
- The capacity for a consumer to request the business to provide copies of their data collected
- The right to opt-out of the sale or sharing of their data with third parties
Our objective at Secure Privacy is to help you view data privacy and security as a way of gaining a competitive edge in your line of business as opposed to being a risk management issue. That is why we have a tailored complete CCPA compliance solution that is helping leading companies build their brand and corporate reputations.
Book a call with us today and get expert guidance on the measures you need to take to meet and maintain CCPA compliance. If you need to learn more about this regulation, check out our comprehensive step-by-step guide on what CCPA entails.