CCPA: What you really need to know about California's new privacy law
By Vin Gaeta
In this quick round-up, we’re going to go over a few big questions you likely have pertaining to CCPA. Specifically:
- What is CCPA?
- Who is affected by CCPA?
- When does it take effect?
- What do I do next?
There are plenty of in-depth CCPA walkthroughs that have been released by legal experts, but we wanted to put together the must-know items to prime you for what’s to come.
What is CCPA?
CCPA, or the California Consumer Privacy Act, is the latest legislation focused on improving how online users can control the data businesses obtain from them, and how those businesses are able to utilize it.
The new policy, which was signed into law in June, 2018, went into effect on January 1, 2020, and is “considered one of the strictest privacy laws in the United States,” according to Deloitte.
The new law requires updates to your business disclosures, including letting consumers know about the existence of the law, their specific rights in regards to their data, as well as enabling users to obtain copies of, or order the deletion of, their personal information from any business.
Who is affected by CCPA?
The California Consumer Privacy Act is focused on California residents and their personal information.
Businesses that operate in the state must be compliant, as well as any business that has customers who reside in California, so long as the business meets one of the following criteria:
- Have gross annual revenue larger than $25 million
- Obtain or releases personal information of 50,000 or more California residents, households, or devices each year
- Make 50% or greater annual revenue from selling California residents' personal information
Smaller companies or those that don’t utilize large amounts of personal data from California residents won’t be required to comply — but that doesn’t mean it’s not a good idea to do it anyway.
After all, with the current focus on privacy, it’s only a matter of time before other states take similar action. States like Maine have already passed similar privacy laws, with others such as New York moving forward as well.
When does it take effect?
The CCPA law is in effect and enforced as of January 1, 2020. Customers will be able to request information from as early as January 1, 2019, that has been collected and to be notified if the information has been given or sold to a third party.
According to Deloitte, the California attorney general has noted that the state “will delay its own enforcement actions for a period of six months after the act goes into enforcement.”
What do I do next?
If you operate in California and meet any of the criteria mentioned above but haven’t begun updating your practices to be compliant, it’s time to start making progress. Begin by updating your policies and enabling users to request their information (and make sure to give it to them in a timely manner).
If you don’t operate in, or sell to people, in California, it’s still a good idea to begin the process of becoming compliant, as more and more states will likely be introducing similar legislation around the end users' ability to see the information collected and stored.
If you're looking for more detailed CCPA, the California Attorney General's office has a very useful website, as does the non-profit Californians for Consumer Privacy.
Wondering where to begin?