If you find yourself scrambling to get ready for the California Consumer Privacy Act (CCPA), now that we’re officially into 2020, take a deep breath and don’t panic. Don’t fret, you aren’t alone. Hopefully the guide below will be a starting point on your journey of digging deeper into CCPA details.
What Is CCPA?
CCPA went into effect on January 1,2020, which gave Californians new rights in relation to their data that was being collected and stored or purged. It is the strongest privacy legislation in any U.S. state and the closest to GDPR we have had thus far in America. Under the act, Californians have the right to know what personal data is being collected (and if that data is shared or sold, to whom), the ability to access and request deletion of their personal information, the ability to opt out of the sale of their information, and the right to receive equal service and price points even if they decide to opt out. Starting on July 1,2020, CCPA will become enforceable. The violations can be generated by either the California Attorney General or individual consumers.
Who Is Impacted?
CCPA impacts for-profit companies that do business in California and meet any one of the below criteria:
• $25MM in gross annual revenue
• 50,000+ residents’ information processed
• 50%+ annual revenue derived from processing or selling information about California residents
CCPA also impacts the service providers and third parties that interact with these businesses. Service providers are the companies that process personal information in order to meet the terms of a contract with another business (like an agency). Third parties are companies that are neither a business collecting personal information nor a company processing it on behalf of a business (like a data vendor).
What Comes Next?
It’s important to make sure to spend some time evaluating the current state of your role – as a company, a service provider or a third party. Doing an audit of current practices and policies will help you find the next course of action. As a business or service provider, it is important to research Consent Management Partners and begin implementing the necessary entities to be within compliance. Continue to investigate vendors to help fill any data gaps you have, and make sure they are also doing their part to be compliant with CCPA. As always, reach out to trusted partners and organizations like 4A’s to help guide you through the process.