California Consumer Privacy Act

As we move further into the 21st century, the world as we know it has become even more connected and digitally reliant. Whether you are ordering food or looking for medical advice, there seems to be an app for pretty much everything.

While these applications are designed to make life easier, they are also cleverly designed to collate as much of your personal data as possible. Companies, including yours, may leverage this data for targeted marketing and advertising efforts or to improve products and services.

However, as of New Year’s Day 2020, the way data is collected, stored, and shared by companies may land them in rather hot water.

In 2020, a significant change in privacy regulations commences for US businesses that operate in the Golden State of California. The California Consumer Privacy Act (CCPA) officially went into effect this year, signifying a massive shift in the privacy field for the US. It is a positive move towards global privacy benchmarks and away from allowing companies to use personal data as assets.

What is the CCPA, and how will it impact you as a business or consumer? Let’s find out:

What Is the California Consumer Privacy Act?

The CCPA requires companies of a certain size that collect, store, or distribute data and information on customers in California to disclose data collection practices and delete information on demand. These companies will also be required to provide California consumers with an option to opt out of data collection, empowering these users to take data privacy into their own hands.

CCPA’s goal is to arm the consumer with more information and control over what happens with their personal data.

Will the CCPA Affect All Businesses?

While this question is quite a prominent one, many things need to be taken into account. The CCPA will apply to any business classified as a ‘for-profit entity’ that:

  • Conducts business in the State of California;
  • Collects personal information from California residents;
  • Has gross annual revenue of more than $25 million;
  • Derives fifty per cent or more of its revenue from the distribution of the personal information of California residents;
  • Sells or shares the personal data of more than 50,000 households of California residents.

To put things simply, if your company fits into any or all of the above, the CCPA will apply to your business, and you will need to be compliant by the end of January 1st, 2020.

How to Comply with The California Consumer Privacy Act

If you have concluded that your business does need to comply, then there are three things that you need to do so you can make a start right away:

1) Communicate with decision-makers in your company – Your Board Members and Executives will need to be aware of what the CCPA is and why it concerns your company, when it goes into effect and most importantly, how the CCPA will affect your business. 

2) Organize customer information – Your company will need to be aware of the following pieces of information:

  • What information is being collected.
  • How the information is being collected.
  • Where the information is being kept.
  • Why the information is being collected.
  • Where the information is being shared.

Having a firm grip on this will allow you to manage an efficient system. This system needs to be in operation should an auditor or customer request any of the information. One of the best things you could do to ensure the safety and compliance of your company is to employ a data protection specialist.

3) Update privacy policies – Updating your privacy policy is the next step. Luckily a GDPR Privacy Policy will meet CalOPPA/CCPA requirements, but you should also note that this policy may not be GDPR-compliant. To ensure safety, you must make sure there is a clear, distinguishable definition between GDPR and CCPA policies.

What Happens If My Business Is Not Compliant?

Since the CCPA went into effect on January 1st, 2020, companies are expected to start working towards remediating issues with their data security; however, the Attorney General cannot bring an enforcement action until July 1st, 2020. This gives your organization time to begin working on compliance.

The CCPA also grants a grace period of 30 days to comply with the act at the point of notification of non-compliance. If by the end of this period, there is no resolution, a first offence fine of up to $7,500 per record will be issued.

The CCPA also has an allowance for consumers to seek legal action against companies if their information is subject to “unauthorized access and exfiltration, theft, or disclosure.”

So, What Now?

Well, as you can probably see, there is a great deal of importance that needs to be attached to implementing the CCPA. Not being ready for the change can be catastrophic and have huge ramifications for your business.

While it may seem that you aren’t required to comply this second, ensuring compliance helps to promote happy customers and secure data. You should always be mindful of protecting your company from any form of data breach, so getting the very best level of network protection is a necessity.

Port53 provides cloud-delivered security solutions that protect your organization and significantly lower the risk of data breaches that may turn out to be rather costly.
