Inspired by the GDPR, the CCPA requires organizations to manage the personal data of California residents in a new way and grant them rights to their personal information. Is your firm prepared?
Data privacy laws such as the GDPR continue to be an international trend, with the California Consumer Privacy Act (CCPA) being one of the latest examples. It was passed in 2018 and became effective January 1, 2020. Enforcement will begin in 6 months on July 1. So, how can firms know if the CCPA applies to them, and how do they comply?
The CCPA gives California residents rights to the data that a company holds on them. It addresses customers’ growing concern about their data privacy and will also play a part in lessening privacy issues and data breaches in the future. Before going any further, here’s how to know if the CCPA applies to your firm.
The CCPA applies to any for-profit company that collects or processes personal information on customers, does business in the State of California, and meets at least one of the following requirements:
This means that even if a firm doesn’t sell customer data, it could still be covered by the CCPA because of the size of the company’s customer database or its annual revenue. And while the law only applies to companies that do business in California, it’s likely that more states will adopt the same standards in the near future, so take notice.
It’s not too early to start thinking about how your firm’s customer data is organized and how you can work towards greater transparency and privacy.
While one purpose of the CCPA is to single out data vendors, the overall purpose is to enable customers to access and control any personal information that companies have collected about them.
Companies could have received this data from customers’ email subscriptions, contact form submissions, transactions, or by purchasing the data. Personal information is defined by the CCPA as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular customer or household.”
This includes identifiers such as real name, address, unique personal identifier, email address, and SSN; commercial information; biometric information; Internet activity; geolocation data; professional or employment-related information; and any inferences drawn from this information to create a profile on a customer’s preferences and characteristics.
The CCPA gives California residents the following rights:
While it’s easy to get overwhelmed by the legal jargon and high-level ideas, here’s a list of practical steps firms should take to be compliant. For firms that already made changes to comply with GDPR, know that there is overlap here and you will already be partially prepared.
Enforcement of the CCPA begins July 1, 2020, which gives companies 6 months to prepare and gives the California Attorney General time to modify topics such as the definition of personal information and make them less broad. Fines will be enforced for violations. Even for firms not affected by the CCPA, this is still a relevant opportunity to organize and streamline all client and customer data systems and processes, as the CCPA is likely to spark national dialogue around data privacy, leading to more laws in the future.