California Consumer Privacy Act

Everyone seems to have a lot of questions about the California Consumer Privacy Act (CCPA). Here are a few facts that might help you understand what it means.

This act of legislation is the first and biggest step in the United States towards protecting consumers’ privacy rights when it comes to consumer data and its collection, sale, and accessibility. It enables all Californians to know where their personal information is stored, how it is being used, and who is using it. Essentially, if you sell your customers’ personal information, or disclose it for a business purpose, the customer now has the right to request that you disclose the categories of information you collect and the identity of third parties to whom you sold or disclosed this information.

Privacy. Californians will have the right to say no to the sale of their personal information, to know how data was acquired, and to request deletion.

This isn’t just about credit card information, like PCI. It affects cookies that websites collect, pictures, and anything that might be used to identify a person (including marketing habits tied only to an IP address or an otherwise anonymous visitor). It also includes a private right of action, meaning that consumers can sue companies directly.

Businesses must provide a clear and conspicuous link on the business’ Internet homepage, titled “Do Not Sell My Personal Information” and must include a description of a consumer’s rights along with a separate link to the “Do Not Sell My Personal Information” Internet Web page in its online privacy policy. Also, note that California does not require consent and maintains an “opt-out” system.

At most, $7,500 per violation, but only if the violation is intentional. Otherwise, fines will be capped at $2,500.

Yes, we’ll help you figure out how to achieve your CCPA compliance goals. If you’re already GDPR compliant, you’re in great shape. If you’re not, we’ll identify gaps along with remediation recommendations and an implementation plan to achieve and maintain compliance.