Today Data has become one of the world’s most valuable resources. Since we are a day or two old in 2020, we should talk about CCPA. The much-anticipated policy passed in 2018, will come into action at the onset of January 1st, 2020. Here is everything you need to know about CCPA.
CCPA stands for California Consumer Privacy Act. It will primarily boost privacy rights and consumer protection for California residents.
There appear to be 4 prime goals to the CCPA-
- Own your Personal Information
- Control your personal information
- Secure your personal information
- Hold Big Corporations Accountable.
Apart from the above goals, CCPA further wants the consumers to have the ability to :
- Know WHAT personal information is being gathered concerning them
- Know whether their personal information is SOLD or DISCLOSED, and if so, to WHOM
- OPT-OUT of the sale of personal information
- ACCESS their personal information
- Gain equal service at the same price, even if they practice their privacy rights
Your business needs to implement new policies to protect personal information for all your clients who are residents of California. Certainly, there are many aspects of CCPA that are similar to GDPR and its a relief for the organizations which are on top of their GDPR compliance. As a result, this will pave their way smoothly to comply with CCPA. On the other hand, it is important to understand that CCPA and GDPR are not replaceable.
Moving further, CCPA applies to all revenue-generating organizations meeting the below-mentioned parameters–
- With annual gross revenues above 25 million dollars
- Buy, sell or share date from more than 50,000 consumers, households, or devices
- Derive 50% or more of their annual revenue from selling consumers’ private information
- Obtain consumers’ personal information (this may or may not include external visitors to your business)
- Conduct business in California, including E-commerce
A California resident is determined by the California laws as any person who:
- Firstly, is in California for other than a short or transitory purpose
- Secondly, is domiciled in California but is outside the state for short or transitory purposes
- You are at a huge risk in case you are non-compliant. Attorney General can initiate a civil case against you if you remain non-compliant after 30 days, after being notified about it. You can expect a fine of $7500 per violation. For instance, if you violate the CCPA-guaranteed rights of 1000 users, you might suffer a fine of up to $7.500.000 in total ($7500×1000 users).
- Non-intentional violations could cost a business $2,500 for each violation.
- Statutory damages would be no less than $100 and as much as $750 per consumer per incident.
CCPA Policy- What to include?
- Description of the new rights for the residents of California.
- Method for submitting personal information or Erasure Request.
- Opt-Out page link on the website.
- Personal information sold in the past 12 months under particular categories
- List of personal information disclosed for a business purpose in the past 12 months.
- An account of all the purposes of using each category of personal information collected.
- Sources of each category of Personal Information.
We are CoReceptionist, will closely observe activities around CCPA and keep you informed. You can read more here.
Disclaimer: The information presented above is not legal guidance, is not to be acted on as such, may not be current and is subject to vary without notice. Please seek professional legal counsel before taking any action.