Introduction
Data is the new oil and businesses collect valuable information from their customers every day. However, data collected from customers is subject to cyber attacks and data breaches that could affect customer confidence and create long-term responsibilities for the brand or business reputation. Therefore, it is essential to protect customer data in the digital information age.
In light of this, the California Consumer Privacy Act (CCPA) has been enacted and will take effect on January 1, 2020, to protect the data of California residents and give them more control over the use of their personal informations.
What is personal information?
At the grassroots level, most companies collect personal information such as the name, contact number, address and email ID of their customers. But with the advent of mobile apps and websites, businesses can now track what their customers buy and where they go to create a specific buyer profile. These buyer profiles can include biometric data, internet browsing information, product purchases or wanted products, geolocation data, academic and professional information, among others.
According to the CCPA, any business that deals with Californian residents must disclose and delete personal information at the request of their customers.
Who does it apply to?
California Consumer Privacy Act applies to
- Companies that sell data at the heart of their activity
- Businesses with gross income over $25 Million
- Companies with data on more than 50,000 consumers
- Companies that generate more than 50% of their turnover by selling consumer data
What does CCPA provide?
CCPA offers the following rights to residents of California
- The right to know
- Right of deletion
- Permission to access
- Right to withdraw
- Right to equal service
What are the fines for non-compliance?
- For incidents involving 10,000 consumers, businesses can be penalized for up to $ 7.5 million.
- Individual consumers can sue companies for piracy and fine them from $ 100 to $ 750.
- The California Attorney General can sue for intentional privacy violations up to $ 7,500 each.
Are there any exceptions or exemptions from the CCPA?
Federal law could pre-empt the CCPA. Some types of essential data that are not under the control of the CCAC include:
- Public information that is not considered personal information
- Identified or aggregated data that is not considered personal information
- Data from consumers who are not residents of California
- Data used to cooperate with law enforcement
CCPA compliance schedule
