As an internet user, your main goal is to surf freely. But did you know that many websites track your information for diagnostic and marketing purposes? Don’t worry, there are policies in place to ensure you’re protected online. One of these policies is the CCPA. But, what is the CCPA and should you be concerned? Well, keep reading to learn more.
What is CCPA?
In short, the California Consumer Privacy Act (CCPA) is a state statute designed to protect the personal information of California residents.
The CCPA is similar to the EU’s General Data Protection Regulation (GDPR). Basically, the CCPA gives you the right to know what kinds of information are collected and why. Plus, it gives you the right to request deletion of that information (with some exceptions). Further, it gives you the right to opt out of having your information sold and the right to non-discrimination for exercising these rights.
However, only California residents have rights under the CCPA.
Responsibilities Under the CCPA
Firstly, the CCPA only applies to for-profit businesses and those doing at least $25 million USD in annual sales. For those businesses, their responsibilities include:
- Implement processes to obtain parental or guardian consent for minors under 13 years and the affirmative consent of minors between 13 and 16 years for data sharing purposes.
- Have a “Do Not Sell My Personal Information” link on the home page of their business that lets residents opt out of the sale of their personal information.
- Have a method for submitting data access requests, including, at a minimum, a toll-free telephone number.
- Update privacy policies with the newly required information, including a description of California residents’ rights.
- Avoid requesting opt-in consent for 12 months after a California resident opts out.
Consequences Under the CCPA
Under the CCPA, class action lawsuits can order companies that become victims of data theft or other data security breaches to pay damages. As a result of these suits, companies may be required to:
- Pay statutory damages between $100 and $750 per California resident and incident, or actual damages (whichever is greater),
- Provide any other relief a court deems proper, subject to an option of the California Attorney General’s Office,
- Pay fines of up to $7,500 for each intentional privacy violation and $2,500 for each unintentional violation.
Why You Should Be Concerned
Regardless of policy, you should think about safeguarding your clients’ privacy and information. It doesn’t matter if you’re not a business in California that is doing $25 million USD in annual sales. More jurisdictions plan to roll out similar privacy laws, making your business financially responsible for losses. So, no matter where in the world you do business, it’s best to make sure you are able to protect consumer data. This way, your organization is prepared for when similar regulations become law in your area.