California’s New Privacy Laws: What You Need to Know
We’ve all read the headlines about companies like Facebook, Apple, and Twitter selling personal information to other parties. It’s a fairly common practice–and it could be pretty lucrative. After all, this information helps other companies target potential consumers for marketing and other purposes.
The CCPA secures new privacy rights for California consumers. This landmark piece of legislation will make a big impact on companies that profit from selling information collected from users and consumers. In fact, an estimated $12 billion worth of personal information used for advertising in California may be protected.
What is the California Consumer Privacy Act?
The California Consumer Privacy Act was signed into law back in 2018. To give companies fair warning, it didn’t go into effect until January 1, 2020. Companies, however, have some extra time to make sure they comply. The California Attorney General won’t start enforcing the law until July 1, 2020.
- Know what personal information is collected, used, shared, or sold. This includes information categories as well as specific pieces of data.
- Delete personal information held by businesses and a business’s service provider.
- Opt-out of the sale of personal information. Businesses must provide a “Do Not Sell My Info” link on their website or mobile app.
- Non-discrimination of prices and services if the consumer chooses to exercise their rights under the CCPA.
What Businesses are Affected by the CCPA?
At this point, the CCPA targets larger businesses. The companies affected have at least one of these characteristics:
- Gross annual revenues over $25 million.
- Buys, sells, or receives the personal information of over 50,000 consumers, devices, or households.
- Gets more than 50% of their revenue from selling consumers’ personal information.
How Does A Company Need to Comply?
As mentioned earlier, a company’s website or mobile app needs to provide a link to opt-out of selling or collecting personal information. Also, as you can probably guess, businesses must respond to the requests from consumers to protect their private information in a timely manner. Businesses must also verify the identity of consumers who make these requests.
But that’s not all.
Businesses must give consumers notice at or before data collection. Also, the CCPA requires companies to disclose the financial incentives offered in exchange for the collection and sale of personal information.
To ensure businesses are complying, they must also maintain records of consumers CCPA-related requests and how they responded. These records need to be kept for 24 months.
What Happens if a Company Doesn’t Comply with CCPA?
Individuals who feel their personal information has been compromised due to a company’s noncompliance with CCPA can recover damages between $100 and $750 per incident (or the amount of actual damages).
It doesn’t seem like much, but it can certainly add up considering the volume of consumers larger companies deal with online or otherwise.
Also, a business in violation of the CCPA may be liable to a civil penalty of $2,500 for each violation and $7,500 for each intentional violation. The actual amount will be assessed by the State of California Attorney General.
Again, these penalties can quickly become a financial burden for companies ignoring the CCPA.
Is it worth it? Not at all.
Unsure How to Become CCPA Compliant?
If you’ve read this far, you probably have all sorts of questions going through your mind–even if your business doesn’t meet the qualifications listed above.
After all, once the CCPA requirements take full effect, California residents may expect the same opt-out privacy options for smaller businesses. You won’t actually be breaking any laws, but California consumers can easily find businesses willing to comply with the CCPA.
As you may guess, the trend to protect the privacy of personal information will likely grow in the years ahead. For example, California has a ballot initiative in 2020 that may adopt a more comprehensive version of CCPA.
If your business is directly affected by the CCPA, you still have until July to fully comply. If you are a proactive business owner who sees this trend only getting more popular, you can make changes now to save some major headaches in the future. Consumers will certainly take notice.
Let Us Help You Become CCPA Compliant
Sure, you can sift through the laws and make sure your business and website is CCPA compliant. But do you really have the time? Can you trust someone else in your company to fully understand and implement the CCPA’s guidelines?
After all, a couple simple oversights can lead to big problems with your bottom line.
July will be here before you know it. Contact us today so you don’t have to stress out about last minute adjustments.