You may have heard the letters CCPA being thrown around lately. It’s the abbreviation for a new data privacy law. If you’re like the average business, you’re wondering what CCPA is, what it means for data privacy, and whether or how
you may need to comply.
What Is the CCPA?
The California Consumer Privacy Act, or CCPA is a data privacy law that went into effect in California in January 2020. California is the first state to pass and enact such a law, whose purpose is to give consumers greater autonomy and control over their
data.
Companies are constantly collecting information about consumers without full transparency over how it’s being used, stored, or shared. Under CCPA, consumers will have more information on and control over the personal information companies collect
and store.
Businesses—currently just those that meet certain requirements—are in the process of adjusting how they manage customer data to meet CCPA requirements.
Why Was the CCPA Put into Effect?
The CCPA was passed by the California State Legislature and signed into law by then-Governor Jerry Brown. The law was passed because California lawmakers and residents believe that having control over personal information, and being able to
secure it, is a fundamental right. Data privacy advocates believe that consumers deserve to know what’s being done with their personal information, how it is being forwarded or sold, and why it is being collected in the first place. In addition,
there’s a focus on the right to opt out of having data collected and being able to request data be deleted.
A survey by the Pew Research Center (PRC) found that most Americans
believe it’s impossible to go through daily life without having personal data collected. While the CCPA doesn’t aim to completely disclose how businesses collect, record, and use personal data, it does set out to give greater rights and
control to users as far as their data is concerned—whether it’s collected, stored, and/or shared.
What Are the Requirements of CCPA?
Any time one of these data privacy laws comes out, businesses wonder whether it affects them and how they need to adjust—if at all.
Businesses are legally obliged to comply with the CCPA if they meet any of the following conditions:
- Have an annual gross revenue exceeding $25 million
- Derive 50% or more of its annual revenues from selling consumers’ personal information
- Buy, receive, sell, or share the personal information of 50,000 or more California residents, households, or devices a year
If your business meets any of the conditions above, then you are required to comply with the CCPA. To be in compliance, businesses must:
- Have a link on their website where users can opt-out of third-party data sales
- Provide a notice at or before the point of data collection to inform consumers about the type of data that’s collected and why
- Comply with opt-out requests within 15 days
- Provide consumers the records of their personal information collected in the past 12 months for free upon request
- Avoid discriminating based on a consumer’s choice to exercise their data privacy rights
- And more
The fines put in place are set at levels that are likely to deter infractions. Violations of CCPA can result is fines of $7,500 per violation and $750 per affected user in civil damages. Considering the minimum number of users is 50,000
for the law to apply, the fiscal penalties will add up fast.
How Does the CCPA Affect Iowa Businesses?
If your business doesn’t fall under the requirements to comply with the CCPA, you should still pay attention to the law. The passing of the CCPA indicates where data privacy laws are headed nationally and internationally. While you may not need
to integrate these policies into your custom software or website today, the industry as a whole is headed in the direction of stricter privacy and data governance. Consumers are becoming more aware of their data’s value, and lawmakers are paying
attention to issues around data privacy.
Do you have questions about how data is handled in your custom software?
Reach out.