Subscribe to our blog

Articles published weekly by IT security and compliance professionals with decades of experience

  


CCPA – Compliance Before Consequence

Sarina Resnick
May 8, 2019 1:02:00 PM

Becoming compliant with new laws can be frustrating. Companies are finally getting over the hump of becoming fully compliant with the recent General Data Protection Regulation (GDPR), and now there is yet another regulation to comply with. The California Consumer Privacy Act (CCPA) was signed in June 2018, and companies are still trying to prepare. Although it's a California state law, it affects practically every business in the United States. The law itself doesn't go into effect until January of 2020, so now is the perfect time to make sure that your company is compliant by the time its provisions take effect. So, what does this new law entail?

  • Applies to for-profit entities that collect and process California resident personal information; the company does not need to be in California for this to apply
  • Applies to organizations with one or more of the following:
    • Annual Gross Revenue of more than $25 million
    • Receives at least 50% of its annual revenue from selling California resident information
    • Receives or shares 50,000 residents’ information annually

The biggest component that needs to be clarified within this law is the definition that it gives to the term “Private information”. The law defines this as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”. According to that statement, the information doesn’t necessarily need to refer to a single person but can refer to anyone or anything in a household, such as:

  • IP address
  • Profile information
  • Browsing history
  • Buying history
  • Customer preferences

The scope of what qualifies as personal information is large. The purpose of this legislation is to make sure that consumers have more knowledge about what's being collected and used, how it's being sold, how it can be removed, and how their selection is handled without discrimination.

So, what will companies need to do to make sure that they are compliant? First, companies need to make sure that their level of disclosure satisfies the regulations put in place by the CCPA. Consumers need to be informed of their rights, and in turn can file suits if their rights are not upheld under the act. If a company that meets the specifications listed above is found to be non-compliant with the act as of 2020, there are several penalties that it could face. Individual suits can be filed against non-compliant entities for damages. Along with that, companies can face civil penalties of up to $2,500 per violation, and up to $7,500 for intentional violations. These are just a few of the consequences that companies may face if they fail to become compliant with the upcoming act.

New information-related legislation can be tricky to comply with, but there is still time left before the act takes effect. Contact us today to learn more about the California Consumer Privacy Act and what it means for your organization. It’s much better to be compliant before the consequence!
