Consumers are bombarded with requests for their personal information all the time, and that information is often provided without a second thought. We tend to see giving out personal information as an increasingly necessary part of a “connected” life. We use technology to monitor our sleep, our pet’s activity, how much time we spend online, and even our homes. While these tools can help in reaching health goals, keeping watch over loved ones, and choosing the quickest route to work, the trade-offs in privacy can be significant. Recently, though, efforts to protect consumer privacy have started to gain traction.
The collection and sharing of consumers’ personal data by companies is now widely regarded as a potential invasion of privacy and even a security risk, and increasingly, individuals are asking for government protections.
The state of California (CA) is taking the lead in the United States in the effort to protect the right to privacy of its residents, with a new privacy law for CA residents taking effect in 2020. California introduced the California Consumer Privacy Act (CCPA) to help consumers secure and gain ownership and control of their personal information. The CCPA will take effect on January 1, 2020, and if you conduct business in California, there are things you need to know.
What Is the CCPA?
The California Consumer Privacy Act (CCPA) is currently the strictest privacy law in the United States. It was written in response to the increased use of personal data in business practices. Starting January 1, 2020, the CCPA will require any company, worldwide, that conducts business in California, and therefore collects or sells California residents’ personal information, to implement structural changes to its privacy program or face penalties for non-compliance.
Who is Affected by the CCPA?
The CCPA does not exempt businesses based on size; instead, it applies through a set of specific guidelines. Under the CCPA, businesses that earn $25,000,000 a year in gross revenue, obtain 50,000 or more consumer records each year, or derive 50% of their annual revenue from selling Californians’ personal information must comply.
Does CCPA Replace Existing California Privacy Laws?
CCPA does not replace any existing California privacy laws, including the California Online Privacy Protection Act (CalOPPA). All current privacy laws will remain in effect after January 1, 2020.
Is GDPR-Compliant the Same as CCPA-Compliant?
If your business is GDPR-compliant, that does not mean you are automatically CCPA-compliant. You might already meet some of the requirements for CCPA, but there will likely be additional requirements that apply to your business.
Learn more about the similarities and differences between GDPR and CCPA.
The California Consumer Privacy Act focuses on user data and on providing visibility into how businesses are collecting, sharing and using that data. If your business falls within the CCPA’s scope (mentioned above), your business must provide:
- A “Do Not Sell My Personal Information” option for users.
- Prior consent before selling the personal information of minors 13-16 years old. For consumers older than 16 years old, prior consent is not required.
CCPA: What It Means for All Businesses
Whether your business is directly affected by the CCPA or not, these compliance mandates should help you think through how personal consumer data is processed and protected within your business environment.
The CCPA may become a national standard, with Hawaii, Maryland, Massachusetts, Mississippi, New Mexico and Rhode Island all having proposed laws that are almost identical.
To learn more about the California Consumer Privacy Act (CCPA), visit the resources below.
Learn More about CCPA
- Californians for Consumer Privacy
- State of California Justice Department
- Secure Privacy