Posted on January 23, 2020 | Categories: Compliance
The California Consumer Privacy Act (CCPA), the latest data privacy law in the Golden State, went into effect on January 1st, 2020. Some have compared it to the UK’s GDPR (General Data Protection Regulation), and they’re not far off – like the GDPR, the CCPA is intended to protect individuals’ private data by making data collection and usage more transparent between consumers and companies.
The CCPA is a California law that aims to give Californian consumers ownership over personal data that is collected by businesses. Even before this act, California had the strongest data privacy rights in the US, and the CCPA adds new rights to Californians’ arsenal:
Californians have the right to know what data a business collects and why, as well as any personal data they use, share, or sell.
To comply, organizations must:
Have you ever wished you could delete something from the internet? If you’re a California resident, you can! Businesses must now delete information about you if you ask them to (within reason) – including information the business has given to any third-party enterprises.
Your business can comply by:
If your business shares or sells personal data, consumers have the right to withdraw consent from having their data sold. Make sure you’re meeting CCPA requirements by:
As part of all these rights, Californians are also protected from discrimination for choosing to view or limit data a business has collected about them, or for choosing to opt out of data re-selling.
If your organization collects California residents’ information, it’s possible that you must adhere to the CCPA, even if your business is not physically located in California. The law outlines three points that determine whether the CCPA applies to a business:
Whether just one or all three of the requirements above apply to your business, you must comply with CCPA. However, any information already covered by federal or California privacy laws, like HIPAA or the Gramm-Leach-Bliley Act (GLBA), is exempt.
The CCPA has one of the broadest definitions of personal information, which includes any:
Yes! Starting July 1, 2020, the Attorney General of California will begin to enforce action under the CCPA. Both individuals and regulators can contest how companies manage personal data and follow the CCPA.
The CCPA is designed to protect consumers and gives them several options for contesting how businesses use their data. CCPA allows for class action lawsuits for damages in the case of a data breach – a first among consumer data privacy laws like the GDPR and PIPEDA. Even without a data breach, consumers may sue companies if the CCPA guidelines are violated.
Further, if consumers can’t easily figure out how to request or delete their data or opt out of data sharing, they can sue businesses for not adhering to the law.
If a regulator notifies your business of a CCPA violation, you have 30 days to comply with the law. After 30 days, your business can incur fines of up to $7,500 per record for any violation: up to $2,500 per unintentional violation, and up to $7,500 per intentional violation.
In the case of unauthorized access, including data breaches or any other lack of proper security practices, businesses are liable for damages or penalties of $100 to $750 per consumer per incident, whichever is greater.
Insecure handling of personal data and high profile data breaches have led to an increase in the exposure of personal records in the US – and the public has taken note. By taking proactive steps to safeguard your customers’ data, you’re helping to build a better rapport with your current and future customers.
Plus, you’ll be ready when other states start to implement similar laws.
Track your information intake, make it easy to audit your data exchanges, and make your correction processes simple with secure managed file transfer.