The New California Consumer Privacy Regulations: Here’s What You Need to Know Now
On June 28, 2018, the state of California passed the California Consumer Privacy Act (CCPA) as part of a worldwide movement toward greater data transparency and improved privacy protections for consumers. The CCPA will go into effect on January 1, 2020.
If this law sounds familiar, it’s because it is similar to the General Data Protection Regulation (GDPR) in Europe and the Canadian Anti-Spam Law (CASL) in Canada.
Read on to find out what you need to know about this new law and its requirements.
What Is the CCPA?
The new law is intended to give California residents more control over how companies collect, use, and work with their personal information.
A company that is subject to CCPA regulations must comply with the law by creating ways for Californians to exercise their privacy rights.
Consumers can request to:
- Learn what information is being collected from them, and why that data is being collected.
- Know whether their personal data is being sold to other companies (and if so, they can get details about who is buying that information).
- Say no to the sale of personal data.
- Have their data deleted.
- Not be discriminated against, even if they exercise their rights under the CCPA.
What Are the Penalties for Non-Compliance?
If your company is subject to the law, but you don’t comply with the requirements, the cost can be steep.
There are significant penalties for failure to comply with privacy rights, and even higher potential fines for data breaches. Consumers can also pursue civil litigation if they believe their rights have been violated.
We recommend not taking any chances if the law applies to your company.
Remember Target’s massive data breach in 2013? The crisis cost the company $18.5 million at the time – but it may have cost them half a billion dollars if the CCPA had been in effect in 2013.
Who Has to Comply with California Consumer Privacy Act (CCPA)?
The CCPA applies to for-profit businesses that collect information from California residents, conduct business with customers in California, and meet ONE of these requirements:
- The company’s annual gross revenues exceed $25 million; or
- The company receives and/or discloses the personal information of 50,000 or more residents of California; or
- The company acquires more than 50% of its annual revenue from selling the personal information of California residents.
Small companies that don’t meet these requirements are exempt from the law, as are nonprofit organizations and public agencies.
Questions to Ask Your Marketing Agency
If you’ve looked at the criteria above, and believe the CCPA applies to you, here are some questions you should ask your marketing agency:
- Do we have notifications in place on our site, so visitors understand their privacy choices?
- Do we need all the data you’re collecting? Is that data still valuable?
- Are we dealing with opt-out requests according to new regulations?
- Can we provide records to consumers about the personal information we collect from them? Do we have a mechanism for deleting that information if they request that we do so?
Here at TEEM, we work with our clients to make sure they are compliant with all applicable regulations. If you have questions about the new CCPA requirements, and would like to speak with a member of our team to discuss, you can contact us here to set up a call.