Under the new law that goes into effect on January 1, 2020, California consumers may request a copy of all data collected on themselves within the last 12 months. The California Consumer Privacy Act (CCPA) operates very much like the General Data Protection Regulation (GDPR) with a bit of a twist. Here’s how.
Understanding the California Consumer Privacy Act
CCPA is a comprehensive regulation that applies to all persons and websites regardless of their physical operating location. This includes entities operating outside of the State of California and the US. California lawmakers passed the CCPA to protect confidential consumer data online.
Under the new privacy act, companies must take care to provide easily accessible options for consumers to opt out of data sharing. In a huge twist, CCPA now requires websites to inform customers what data they have collected about them (and who they are sharing it with).
How CCPA works for B2B data collectors
The new California initiative gives consumers access to a report that shows how their personal data has been used within the last 12 months. This comprehensive personal data report is free.
The act requires data collectors to respond to information requests and reports of suspected breaches within 45 days. A completed data collection report must show consumers what information has been collected about them and how it is being shared.
Websites and data collectors found to be in violation of the act have 30 days to become compliant to avoid steep fines that range from $750.00 to $7,500.00 per incident.
An important component of the new California Privacy Protection Act is that data collectors are also now required to provide a comprehensive report to consumers that includes the names and contact information of the companies they have shared their data with.
There’s no wonder why companies like Facebook and Google oppose the upcoming act. CCPA provides unprecedented levels of data protection for consumers. Let’s review the basics for remaining compliant.
What you need to know
The following are the important data protocols that websites and data collectors need to know to remain compliant with CCPA. Data collectors and websites that fall into this category should take swift action to prepare for the upcoming changes to assure compliance.
Is my business affected?
Companies that collect data online, which generate at least $25 million in annual revenue and hold personal data for over 50,000 people must comply with the standard. CCPA also requires all companies that earn at least half of their revenue and specialize in the sale of personal consumer data to comply regardless of revenue level. Note that partners and vendors must also comply to avoid an accidental breach. Exemptions from the new law include insurance institutions, agents, and support organizations, already governed under a similar California law.
What does my business need to do?
Regarding data security protocols, you must let your consumers know that their personal information is being collected and provide them with the option to opt-out in an easily accessible manner. CCPA mandates that data collectors are to inform consumers of who is using data and provide contact information for the data security administrators maintaining their secure records.
What happens if my business does not comply?
Noncompliance carries significant penalties. In the case of a suspected breach, companies have 30 days to remedy the breach or face a fine of up to $7,500.00 per record. The 30-day window starts from the time that the consumers provide notice to the entity responsible for the breach. The new law introduces an unprecedented provision that allows consumers to sue companies found to be in breach. Consumers may sue as individuals or by joining a class-action lawsuit.
Need help to get ready with becoming CCPA-compliant? Contact one of our Data specialists to learn more today.