The California Consumer Protection Act (CCPA) becomes law beginning January 1, 2020 and will start being enforced by the California Attorney General starting July 1. The bill has been touted as California’s answer to the General Data Protection Regulation (GDPR), which is the law governing data privacy in the European Union. The CCPA only applies to businesses that meet at least one of the following criteria:
- The business has annual gross revenue in excess of $25 million;
- The business possesses the personal information of 50,000 or more consumers, households or devices;
- The business earns more than half of its annual revenue from selling consumers’ personal information.
CCPA compliance fines are up to $2,500 for unintentional violations and $7,500 per intentional violation.
We’re here to help
If you have questions how CCPA impacts your business,
ask a lawyer and get an answer within 1 business day.
What consumer data is covered by the CCPA?
The CCPA carves out a broad definition of personal data by defining it as “information that identifies, relates to, describes, is capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.” Using this definition, you should identify which of your company’s collected data falls under this umbrella. If your company uses third-party data, identify the sources, and be prepared to answer any CCPA requests. Despite its third-party source, your company is responsible for this data as if it collected the information.
As a marketer, you should ask yourself if all the data you are collecting is necessary and identify what is sensitive information. Next, you should consider deleting the non-pertinent data and encrypt what’s sensitive.
What other steps should I take for CCPA compliance?
If you are a marketer or advertiser for a company that falls under one of the categories above, here are a few steps that you can take to prepare for the change:
- Know where the data is stored in order to have it readily available when a consumer makes a verifiable request
- Audit marketing list data and organize it by source (internal or third-party)
- Rethink your method of data collection and only collect information that you need. The less unnecessary data you collect, the more likely you are to remain CCPA compliant
What else should I know about the rights of California consumers?
The CCPA has several guaranteed rights written into it:
- Companies must inform consumers at or before the point of data collection what categories of personal information will be collected and the purpose of collecting it
- Consumers may request information regarding the data collected and request records for the 12-month period preceding the date of request
- Consumers may opt-out of the sale of their personal information
- Consumers may request to have their information deleted
Instead of seeing CCPA compliance as an obstacle that one must deal with, your company can use the new regulation as an opportunity to revisit its data collection strategy altogether. Rather than operating under the old mentality of “collect as much data as possible,” think about why you are collecting the data and gather it in a meaningful way. By doing this, you may be able to offer more transparency to your customers, which is usually looked upon favorably.
If you have questions about how CCPA might apply to your business, ask a lawyer.