If you’re operating a for-profit business in California or if you are collecting personal information relating to consumers that reside in this state, the California Consumer Privacy Act (CCPA) is one law that you can’t afford to ignore. If you haven’t heard about this new law just yet, there’s no better time to familiarize yourself with it than now. In this article, we’ve outlined important aspects of CCPA that you should know about, including what this law is and how it affects your business.
What is CCPA?
The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that outlines strict requirements for companies that collect personal private data. Touted as the strongest privacy legislation enacted in the United States so far, CCPA is akin to the EU’s General Data Protection Regulation (GDPR) due to its comprehensive approach to privacy protection.
While the CCPA went into effect on January 1, 2020, the office of the California attorney general will not take any legal action against businesses that will not have complied until July 1, 2020. This new law applies to for-profit businesses that handle personal information of California-based consumers, business-to-consumer contacts, or employees and that meet any of the following statutory thresholds:
- Gross revenues of $25 per year
- Collect, buy, receive, sell, or share personal information of at least 50,000 California-based consumers, devices, or households for commercial purposes,
- Gain at least 50 percent of its annual gross revenues from selling consumer’s personal data.
While the applicable thresholds exclude many small and midsize companies, a business could meet the second threshold if it attracts at least 140 California-based consumers per day through its website. Furthermore, subsidiaries that share the same branding with their parent companies are also required to comply with the CCPA law even if they themselves do not meet the applicable thresholds.
How CCPA Affects Your Business
If you thought that the CCPA doesn’t apply to you because your business has no physical presence in California, think again. Although California-based companies are directly affected by this law, companies outside of California will also be affected if they meet any of the three statutory thresholds.
According to the International Association of Privacy, the CCPA could affect more than half a million businesses in the United States. With similar laws manifesting in many other states, all companies from all states will have to comply with some sort of data privacy law in the near future.
For companies affected by the CCPA law, the burden of complying is very real. Some of the obligations that your company must meet include:
- You must have a “Do Not Sell My Personal Information” page if your business sells personal data
- Inform consumers about what happens to the personal information after they share it with you
- Preserve a data inventory to outline your history of personal data processing
- Ensure that consumers are conversant with their rights under the CCPA
- Alert consumers before or at the time you’re collecting their personal data that you want permission to collect their data
- Grant consumers the right to access the personal data that you have on them
- Give details of how consumers can request for your business to erase their personal data
What Must Your Business Do Now?
After putting your house in order, you should take the time to identify all third parties and vendors that receive consumers’ personal data from your business. After you’ve identified them, be sure to add proper contract terms to deal with the CCPA, including terms relating to the use or disclosure of personal data obtained from your business. This is to make it clear that your business is not making your customers’ personal information available for sale to vendors.
Originally posted 2020-02-26 23:05:26. Republished by Blog Post Promoter