What You Need to Know About CCPA Compliance
In 2020, the data laws of California will shift to become more stringent. This is good news for consumers when it comes to privacy, and important for businesses to understand.
Similar to GDPR in Europe, California is the first state to pass a consumer privacy law and is leading the US states in protecting the right to privacy of its residents.
The new laws can have far-reaching implications for business owners and must be adhered to.
This change may also push other US states to implement similar laws, or even encourage Congress to pass a national privacy law.
For these reasons, it is wise to be aware of the new CCPA rules and how they could affect your business.
What is CCPA Compliance?
CCPA stands for the California Consumers Protection Act 2018. It is the most recent personal data protection law passed by the State of California in response to the increased role of personal data in business practices and personal privacy.
The CCPA has a lot of important implications surrounding the collection, use, and protection of personal information.
Which Businesses Does CCPA Affect?
It is important to know that CCPA affects more than California based businesses. It applies to every company in the world if:
1) They collect personal data of California residents
2) They (or their parent company or a subsidiary) exceed:
- Annual gross revenues of at least $25 million
- Obtains personal information of at least 50,000 California residents, households, or devices per year
- At least 50% of their annual revenue is generated from selling California residents’ personal information
The California laws define a California resident as any person who:
- Is in California for other than a temporary or transitory purpose
- Is domiciled in California, but is outside the state for a temporary or transitory purpose
What Are The Benefits of CCPA for Consumers?
The main focus of the Act is to provide California residents with the rights to:
1) Know what personal data is being collected about them.
2) Know whether their personal data is sold or disclosed and to whom.
3) Say no to the sale of personal data.
4) Have access to their personal data.
5) Request a business to delete any personal information about a consumer collected from that consumer.
6) Not be discriminated against for exercising their privacy rights.
What Qualifies as Personal Information for CCPA?
The CCPA’s has a very broad view of personal information includes the following:
- Demographic information (i.e., name, address, email)
- A unique identifier, such as an IP address
- Account or Social Security number
- Driver’s license or passport
- Personal property records
- Online activity
- Biometric, geolocation, employment, and education data
When is the CCPA Deadline?
CCPA is not a replacement for any existing California privacy law. All of the CCPA guidelines must be in place after 1 January 2020. If you have already added compliance for GDPR, the chance are you are already in alignment with CCPA.
Be Transparent with What You Collect
As with the GDPR, it is advisable to disclose their cookie use to the website visitors, but it is not required to allow them to deactivate these cookies (if by disabling them, the website would not function properly.)