The California Consumer Privacy Act (CCPA) is fast approaching. This legislation takes effect on Jan. 1, 2020, with the intent of bolstering the personal privacy of California’s 39 million residents.
As interest in the CCPA intensifies, our clients have been asking us for direction on its meaning and impact. In this blog post, I answer some of the most frequently asked questions about the CCPA and why it matters.
What is the CCPA?
The CCPA regulates how businesses collect, use and disclose information about California residents.
What exactly does the CCPA do?
The CCPA is designed to empower consumers and require businesses to follow more stringent privacy requirements. For instance, according to the CCPA legislation:
- A consumer has the right to request that a business disclose the categories and specific pieces of personal information that it collects about the consumer; the categories of sources from which that information is collected; the business purposes for collecting or selling the information; and the categories of third parties with whom the information is shared.
- A business must disclose the requested personal consumer information and the purposes for which it is used.
- A consumer has the right to request deletion of personal information and may require the business to delete upon receipt of a verified request.
The CCPA stipulates penalties for businesses that fail to comply. Once regulators notify a company of a violation, the company has 30 days to comply. If a business does not comply, its owners face a fine of up to $7,500 per record. The legislation also provides for a consumer's right to sue as well as to file class action lawsuits for damages.
Whom does the CCPA apply to?
The CCPA applies to any business that:
- Collects consumers' personal data
- Does business in California
- Has annual gross revenues exceeding $25 million OR
- Has personal information of 50,000+ consumers, households, or devices; or earns more than half of its annual revenue from selling consumers' personal information.
You may learn more about the details via “CCPA Guide: Are You Covered by the CCPA.”
How is the CCPA different from the EU General Data Protection Regulation in Europe (GDPR)?
Both GDPR and CCPA are designed to protect consumer privacy. Both are wide-ranging in scope – after all, California is one of the world’s largest economies, affecting a multitude of businesses. And both require a tremendous amount of patience as businesses attempt to untangle their impact and meaning.
As with GDPR, CCPA is being ushered in by legislators even as technology is evolving to help businesses achieve compliance. It’s important that you take proactive steps to understand their ramifications and impacts.
Of course, there are major differences between the GDPR and CCPA. GDPR went into effect in 2018, whereas CCPA is forthcoming. And GDPR affects organizations that do business across sovereign nations in the EU, whereas CCPA is restricted to one state (albeit a large, influential one).
For more insight into GDPR compliance, read this Q&A on our website.
For a deeper dive comparison between GDPR and CCPA, read this CCPA and GDPR Comparison Chart.
How do I know if the CCPA applies to me?
You’ll need to do some research on your own customer base to see if your business meets the requirements stipulated above. Look at analytics such as your e-commerce data (if applicable), website visitors, and where you target paid search. How much of your audience is based in California? You’ll be able to tell fairly easily.
How do I ensure that I am compliant?
At Investis Digital, we can help you ensure compliance. We’ll address how in a future blog post. For now, the important thing to do is to understand whether you are affected as a business. Don’t wait until January 2020. Find out now.
Contact Investis Digital
To ensure that your actions are compliant with GDPR and CCPA, contact Investis Digital. We can help.