WHAT IS CCPA?
The California Consumer Privacy Act (CCPA) is a sweeping set of regulations designed to protect consumers from abuses of the data gathered by companies they do business with and firms that sell data about people who visited their website. It went into effect on January 1st, 2020 and enforcement will begin on July 1st. The act imposes heavy fines – up to $7,500 per consumer, per incident. Under this new law the Equifax breach would have cost the company $132 billion in fines! CCPA regs are not final, but here is where they stand as of today.
WHO IS IMPACTED BY CCPA?
Your business is subject to the CCPA if one or more of the following are true:
- Has gross annual revenues in excess of $25 million,
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices,
- Derives 50% or more of annual revenues from selling consumers’ personal information.
What Does CCPA Require?
CONSUMER RIGHTS
RIGHT TO NOTICE
Businesses must inform consumers at or before the point of collection what categories of personal information will be collected and the purposes for which these categories will be used.
RIGHT TO OPT OUT
Consumers have the right—at any time—to direct businesses that sell personal information about the consumer to third parties to stop this sale.
RIGHT TO DELETION
Consumers also have the right to request deletion of personal
information.
information.
RIGHT TO ACCESS
Consumers have the right to request that a business disclose the following:
- categories of personal information collected including information about the categories of sources from which personal information is collected and the business or commercial purpose
- categories of third parties with which the business shares personal information
- specific pieces of personal information the business holds about a consumer
- If a business sells personal information or discloses it for business purposes, consumers have the right to request the categories of information so sold or disclosed.