If you know how the internet works, you know that every website you visit collects personal data. This data helps them provide superior services and ensures you get a personalized experience. However, this means your personal data is stored on that company’s servers and can be utilized at any time. There are few rules that protect your privacy and help keep your data secure from people who might misuse it.
Governments have started to recognize this vacuum and have introduced policies like GDPR and CCPA. This article explores CCPA and everything you need to know about it.
What Is CCPA?
CCPA is a set of privacy and personal data protection laws implemented by the State of California. CCPA stands for the California Consumer Privacy Act, and it will improve privacy and transparency to help protect consumer interests.
CCPA is the latest in a series of privacy laws implemented recently. The EU launched the General Data Protection Regulation (GDPR) and Canada implemented the Canadian Anti-Spam Law (CASL) to improve consumer privacy.
The CCPA focuses primarily on the privacy and data collection aspect. The act is similar to GDPR in most respects so people who have implemented GDPR will have an easier time adapting to it. There are still some key differences between both policies so it is important to study CCPA carefully and fulfill its requirements even if you have completed the entire GDPR process.
The law was a direct response to the misappropriation of Facebook data by Cambridge Analytica. At least 87 million people were affected by that privacy breach and it showed governments that something had to be done to protect the interests of consumers.
The act was written and passed quickly so there are still some kinks and loopholes that companies might potentially exploit. However, CCPA is a step in the right direction and will evolve with time to become a comprehensive law. The government will continue to refine the act and its policies until it is implemented to ensure the act provides maximum protection.
When Will It Be Introduced?
CCPA will go into force in January 2020. All businesses and entities based in California or marketing to the state’s citizens must implement the CCPA by this time. If your website isn’t ready by then, it might face penalties.
This means you will need to start working on implementing the changes soon to ensure your company and website are ready. The act is completely enforceable after January 2020, which means companies that haven’t implemented the changes will have very little time to do so before they’re caught.
Who It Applies To
CCPA is most likely going to have a worldwide impact because many internet powerhouses like Google and Facebook are based in California. This state is also the 5th largest economy in the world, which increases the influence of CCPA considerably.
Many brands that aren’t based in California but market to its citizens will have to comply with CCPA. Entities that fit the criteria mentioned below must comply with CCPA in order to avoid penalties after 2020:
- Companies that do business in
- Companies that collect personal information from consumers.
- Companies that have minimum annual gross revenue of $25 million.
- Businesses that primarily deal with selling consumers’ personal information to other entities.
- Businesses that share, sell, receive, or buy personal information of 50,000 or more consumers, devices, or households.
If your company falls under any one of these categories, you will have to comply with the CCPA. California has a sizable population of more than 40 million people and an economy of more than $2.7 trillion. All of this will be affected by the act.
Even if your business isn’t directly influenced by CCPA or GDPR, it is a good idea to implement the standards set by both of these acts on your website. That can help you avoid penalties at a later date. It is always a good idea to adopt superior privacy standards to protect consumer interests.
What’s The Main Purpose?
The main purpose of CCPA is to protect consumer data and ensure companies don’t misuse it. It also aims to provide consumers with better control and more access to the information collected by companies. This allows consumers to determine what kind of information they want to make public and what they would rather keep to themselves.
Consumers will have the right to assess all the data collected and request erasure. If the consumer wants you to remove all their private information from your database, you will have to comply.
The act is fairly comprehensive and offers considerable protections to consumers. The consumer rights will vary based on whether the company collects or sells the consumer information. Here’s a look at what companies must do for consumers on request:
- Disclose all information requested by the consumer. This includes categories of personal information collected or sold, sources, your purpose for using the information, etc.
- A business must grant consumers access to all of the information they have collected on them.
- Businesses must delete the information collected if the consumer requests it.
- Businesses can’t discriminate against consumers who have opted to use their rights in such cases. They must continue to offer equal service.
All of these rights provide consumers more control over their personal information. CCPA also creates a more transparent system. Consumers are more aware of the information collected and know what they should and shouldn’t share with companies.
What Are The Financial Penalties/Consequences?
If businesses fail to comply with the established standards set by CCPA, they can face several penalties. Most businesses will face monetary penalties enforced by the court such as:
- $2,500 for every violation if it is unintentional.
- $7,500 for every violation if it is intentional.
There’s no maximum limit, which means the court can impose several penalties for every violation. The power to impose these penalties and decide on the matter of violations rests with the Attorney General. The Attorney General is allowed to start investigations independently if there are any allegations against a particular business or entity.
Consumers also have an option to file a civil action against companies that violate the CCPA. This option is only applicable to non-encrypted or non-redacted information. Civil proceedings can be either individual or class-action based on the extent of the violation.
Businesses will have a 30-day notice before the civil action is filed. If they fix the issue within that time, they will avoid the civil action suit. The damages in these cases can’t be less than $100 or more than $750 for every violation of the CCPA. All of these penalties will be strictly imposed on businesses that don’t comply with CCPA after January 2020.
There are some exemptions to this law. It doesn’t cover data sharing if the company is following federal, state, or local laws. It also doesn’t cover collecting or selling data that can’t be traced back to a single consumer. If every aspect of the transaction and consumer interaction takes place outside California, it doesn’t fall under CCPA.
Some information, like medical information, data collected from clinical trials, and information under the Driver’s Privacy Protection Act and the Gramm-Leach-Bliley Act, isn’t covered by the CCPA. In most cases, this data is already protected by existing law and requires a different kind of handling.
Information that is publicly available as a part of state or federal laws is also exempt from CCPA.
There’s plenty of information available online regarding CCPA. You can also find an expert in this field if you want to know more or want to implement it on your website. It might be a good idea to hire a legal professional to get a full idea of CCPA if you are based in California or consider it a big market for your brand.
About the article Author:
Hi, we are createIT!