What You Need To Know About The California Consumer Privacy Act (CCPA)
A new data privacy law with far-reaching implications.
Please Note: This article does not constitute legal advice. We recommend you seek professional legal advice where appropriate.
On January 1, 2020, the State of California officially put the California Consumer Privacy Act into effect.
What does that mean?
It means that California has passed its own version of the GDPR, Europe’s response to consumer privacy (read up on the GDPR here). There’s a lot of confusion about who the CCPA affects, how it will affect them, and what to do about it (if anything at all).
Here is our coffee-break-length run-down of the CCPA.
What is the CCPA?
The CCPA is a new data privacy law that could potentially reach far beyond the borders of the Golden State. It gives residents of California power over their own personal data, allowing them the right to delete, monitor, block, or refuse sales of their data.
As with the GDPR, some companies have decided to extend that security and control to all of their users, but others are only updating privacy policies for users within the state.
Who does the CCPA apply to?
The CCPA doesn’t just apply to businesses that operate out of California, it also applies to businesses that conduct business in the state.
Here’s a quick checklist we put together for you.
Your business will need to comply if you:
- Do business in the State of California
- Collect personal information
- Alone or jointly with others determines the purposes or means of processing that data; and
- Satisfy at least one of the following:
- Annual gross revenue exceeds $25 million
- Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of at least 50,000 consumers, households, or devices; or
- Derives at least 50 percent of its annual revenues from selling consumers’ personal information.
If you checked any of these boxes we highly suggest investigating further. Businesses have a 6-month grace period to update their systems and become compliant.
How will it impact your customers?
Customers will, in general, not notice a change in the use of your product or service.
They will probably be asked to accept updated terms and conditions as businesses adapt to the new law, but the biggest change will be how the companies themselves are using the data.
How will it affect your business?
If the law applies to your business, you will have to disclose what information you collect, for what business purpose, and with any third parties you share that data with. You will also be required to comply with official consumer requests to delete that data.
Consumers can opt-out of their data being sold, and businesses can’t retaliate by changing the price or level of service. Businesses can, however, offer financial incentives to their customers so they can collect data.
California authorities are empowered to fine companies for violations, but again there is a 6-month grace period until July 2020 to allow businesses time to update their systems.
What is the bigger picture?
The general sentiment is that CCPA could create more headaches than solutions, as it will be more costly and difficult for businesses to comply with a whole bunch of state-level laws as opposed to one federal law. Currently, compliance costs for the CCPA are earmarked at a whopping $55 billion and could rise if more states enact consumer privacy laws.
If you have any questions, reach out to us here at Adept.
Please remember that this blog isn’t legal advice, and we recommend you seek professional advice where appropriate.