The California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) will become effective on January 1, 2020. This will bring very big changes and adjustments to U.S. data protection laws. Businesses need to know a few things about the CCPA in order to be fully prepared to comply with the restrictions and guidelines as it pertains to the handling of consumers’ personal information or risk face severe financial penalties.
The CCPA is likely to be just the beginning stages of a wave of consumer data privacy regulations at the state and federal level.
What Businesses Need to Know about the CCPA
- CCPA’s protections apply to all California residents, regardless of their relationship with an organization (e.g., employees, customers, business leads) or whether their personal information is collected online or offline.
- The CCPA defines a “business” as a for-profit entity that collects “consumer” data and meets at least one of the following thresholds: Annual gross revenue over $25 million, Annually buys, receives, sells or shares the personal information of 50,000 or more consumers, households, or devices for commercial purposes, and derives 50% or more of its annual revenue from selling consumer personal information.
- Businesses with revenues of $25 million or more may have compliance obligations no matter how much personal information they collect from Californians.
- The CCPA provides California residents with a right to be informed of the categories of personal information that a business collects or otherwise receives, sells or discloses about them; the purposes for these activities; and the categories of parties to which their personal information is disclosed.
- The Act also grants California residents the right to request more detailed information about the personal information a business holds specifically about them, and the right to obtain portable copies of their personal information from the business.
- The CCPA gives Californians the right to prohibit a business from selling their personal information, and to request that a business delete their personal information.
- Violations of the CCPA are enforceable by the California Attorney General, who may bring actions for civil penalties of $2,500 per violation, or up to $7,500 per intentional violation.
- The CCPA includes a private right of action with the potential for statutory damages.
*The Bill text is subject to change up until its 2020 institution date
If you have any questions, contact Justin Grooms
Justin Grooms, PHR, is our Senior Business Consultant and can answer questions you may have regarding how this law will affect your business.