California passed a consumer privacy act at the end of June 2018, known as the California Consumer Protection Act. It went into effect on January 1, 2020, and businesses are working to comply with its requirements by July 1, 2020. Under CCPA, personal information that businesses collect from California residents must be handled according to the Act’s rules and regulations.
Just as EU residents have protection rights under the General Data Protection Regulation, CCPA aims to give similar rights to Californians. As it is one of the furthest-reaching laws in the USA, it’s essential to know and understand some key points related to it.
The California Consumer Protection Act gives the residents of California the following rights:
- They have the right to know about their personal information being collected, used, shared or sold by the businesses.
- They have the option to opt out of the sale of personal information.
- Opt-In consent should be provided by the parent or guardian of children under the age of 16.
- The consumers have a right to request a business to disclose the purpose of collecting or selling personal data.
- Residents also have the right to request the deletion of personal information.
COMPANIES AFFECTED BY CCPA
The Act applies to businesses or companies run for profit, not to non-profit organizations such as charities. Companies having at least $25 million in annual revenue, and buying, receiving, or transferring personal data of more than 50,000 California consumers must comply with this law. Additionally, if your business derives 50 per cent or more of its annual revenue from selling personal information, you also fall under the Act.
The personal information covered by the California Protection Privacy Act is defined as data that can be used to identify, relate to, or describe a particular individual or household. This expands to include:
- Home address
- IP address
- Browsing history
- Passport or other official numbers
- Location data
- Bio records like touch IDs
- Work history
- Educational information, plus more.
STEP-BY-STEP COMPLIANCE FOR BUSINESSES
Companies or businesses should follow these steps toward CCPA compliance:
- Update the privacy policies and notices used by the company.
- Update all the business processes, data inventories, and data strategies.
- Implement the various protocols to ensure all consumer rights.
- Protect personal data with reasonable security.
- All employees should be trained on CCPA requirements.
Companies must provide notice prior to or at the moment of collecting personal information. Show a banner or notice when users visit your website; it should clearly disclose the specifications of the data being collected and the purpose of collection. The privacy notices must be updated, as mentioned in the above point. Moreover, the information should be in a readable format.
Your company will have to pay certain penalties if it fails to comply with the requirements of CCPA. Unintentional violators will be fined $2500, while intentional violators will have to pay up to $7500. Also, if any Californian resident feels that a company or business isn’t complying with the law, strict private action can be taken against it.