The California Consumer Privacy Act that went into effect in January 2020 has serious implications for many businesses. The text of the bill itself is complicated, but even if you find yourself confused and unsure of what it means, it’s important to get it right.
Regardless of your current role at your company, you are responsible for upholding the regulations outlined in this law. Otherwise, your company could face irreversible damage. If you’re wondering, “Does CCPA apply to my company?” here’s what you need to know.
What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act (CCPA) is a bill that was passed by the California State Legislature in 2018, but it didn’t go into effect until 2020. In a nutshell, it forces organizations to protect consumers’ data privacy rights.
To remain CCPA-compliant, businesses must:
• Notify consumers at or before the point at which they collect any personal data
• Allow consumers to read and delete any of their stored personal data and provide privacy settings that allow them to opt out
• Disclose any financial incentives they have to retain consumers’ personal data
• Verify the identity of consumers who read and delete personal data
• Respond to consumer requests within a specific timeframe and keep records of all access requests and related business correspondence with consumers for 24 months
Why is the CCPA important?
The CCPA protects consumer privacy for Californians by giving them more say in how companies collect and use their personal data. For example, the CCPA protects personal data like:
• Social security numbers
• Credit card numbers
• Browsing history/search history
• Online IDs and account names
• Biometric information
• Geolocation data
This is not a complete list of data that the CCPA protects for Californians, but it’s a brief sample. For those who want to keep this information private and out of the hands of businesses that profit off of it, the CCPA is very important.
Does CCPA apply to my company?
Now that you know what the CCPA is, you should be asking, “Does the CCPA apply to my company?” Unfortunately, the answer to that question is complicated. The CCPA only applies to businesses that:
• Have a gross annual revenue of $25 million
• Buy, receive, or sell the personal information of 50,000 or more households, consumers, or devices
• Handle the personal information of more than 4 million consumers
Additionally, the CCPA doesn’t just apply to California residents. Every company that does business with a California company, has customers that live in California, or collects personal data from any California resident must comply with the CCPA.
What happens if I fail to comply with the CCPA?
Companies that fail to comply with the CCPA are subject to expensive fines per violation as well as lawsuits. For example, if a company experiences any data breaches, affected individuals can take legal action against the company and sue for damages.
Who in my company is responsible for ensuring CCPA compliance?
Lots of different company departments collect and use consumer data, so it’s up to all employees to comply with CCPA rules. This responsibility holds true from each individual sales representative all the way up to the CEO. However, the CEO or CIO often leads an organized approach to CCPA compliance.
Emily Clarke writes about employee management, benefits and payroll service. You can find her thoughts at employer organizer blog.