Overview

The CCPA is a law designed to protect the data privacy rights of citizens living in California. In short, the law forces companies to provide more information to consumers about what’s being done with their data and gives them more control over the sharing of their data. The real issue that the law addresses is that most consumers don’t realize that their Personal Information is being shared or sold to others. This act ensures that they are given the chance to opt out of having their information used in a way that they disapprove of.

 

Who Does CCPA Apply To?

A business that collects California residents’ Personal Information and satisfies one or more of the defined criteria:

Has Annual Revenue of 25 million dollars or more

Buys, Receives, Sells, or Shares the Personal Information of 50,000 or more consumers, households, or devices

Derives 50 Percent or More of Its Annual Revenue from selling consumers’ Personal Information

 

What Is Considered Personal Information Under The CCPA?

The CCPA applies to Personal Information, that is, “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

Just to make sure that companies have comprehended what falls under Personal Information, the legislators listed a few specific examples, including:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
  • Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Biometric information.

  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement.

  • Geolocation data.

  • Audio, electronic, visual, thermal, olfactory, or similar information.

  • Professional or employment-related information.

  • Education information.

  • A profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

 

What Is Not Considered Personal Information Under The CCPA?

Personal information does not include publicly available information that is from federal, state, or local government records, such as professional licenses and public real estate/property records.

 

What Are The Privacy Rights Provided By CCPA?

Like the EU General Data Protection Regulation (GDPR), the CCPA gives consumers some privacy rights.

CCPA provides consumers with more control by providing them with the following rights:

Right to Know: Businesses have to inform consumers about the categories of information that will be collected, the purpose for which it’s being collected, whether their data is sold or shared and to whom, and some other specific pieces of information, at or before the point the information is taken.

Right to Correct Inaccurate Personal Information: A consumer has a right to request that a business correct their inaccurate information.

Right to Delete: Consumers also have a right to request that a business delete their information (with some exceptions).

Right to Access: Consumers can make an access request for their information to find out in more detail about the specific pieces of information held by the business and the third parties that received their information.

Right to Opt-out of Sale or Sharing of Personal Information (Opt-in for minors): Consumers have a right to direct a business that sells data about the consumer to third parties not to sell the consumer’s data. For minors (less than 16 years of age), a business should not sell the consumer’s Personal Information without affirmative authorization for the sale.

Right of No Retaliation Following Opt-out or Exercise of Other Rights: If consumers exercise any of their rights, they can’t be discriminated against by being denied goods or services.

 

What Are The Fines For Non-Compliance?

If a business is found to be liable for a civil penalty under the CCPA, the amount will be:

  • Up to $7,500 per intentional violation
  • Up to $2,500 per unintentional violation

"The California Attorney-General can pursue penalties from businesses that violate any part of the CCPA."

Any consumer whose Personal Information is breached may institute a civil action to recover damages in an amount of up to $750 per consumer per incident or actual damages, whichever is greater.

What Are The Key Areas To Focus For CCPA Compliance?

One of the first steps to implement data protection is to know whether CCPA applies to you. If it does, you need to: 

  • Review all your mechanisms and procedures in place to ensure data privacy and protection are at the core of your business and are among your topmost priorities.
  • Check whether these policies and procedures comply with the requirements of the CCPA and, if not, amend or update existing policies/processes to ensure compliance.
  • Train and educate relevant staff who are data handlers or processors about the change in processes, mandatory regulatory compliances and the consequences and penalties levied for non-compliance.
  • Ensure there is an internal review mechanism in place to highlight any lapses or breaches on your part. Alternatively, you can also contract an independent data auditor to review your policies and processes for compliance and improvements.
  • In case of any data breaches, ensure there is a breach management process.
  • Ensure a Grievance Redressal mechanism is put in place to allow consumers to send requests, issues or queries regarding their personal information.

 

What Are The Benefits Of Conducting A CCPA Compliance Review?

Competitive Edge- 

  • When your firm is certified as CCPA compliant, it will give you an edge over your competitors who aren’t.
  • This becomes a differentiating factor for you. You will get more clients having this as a feather in your cap.

Customer Trust-

  • You can earn the valuable trust of your existing and potential customers that personal data is handled securely and as per the compliances required by the CCPA.

Avoid Penalties-

  • If there are gaps/breaches highlighted during our assessment, you can take reasonable steps to ensure controls are in place so that such lapses and breaches don’t occur again, thus avoiding hefty penalties.

 

 

Does the CCPA apply to you? Be Prepared!

Connect with us for a compliance review

 

About Riskpro-

Riskpro India Ventures Private Limited ("Riskpro India") is a specialized Risk Management consulting company. It is managed by experienced professionals with experience across various industries. With an office in Mumbai and team members in Delhi, Bangalore, Chennai, Pune, Hyderabad and Kolkata, we are one of the fastest growing risk consulting firms in India.

We have been in business for 9+ years and have serviced more than 500 clients in 7 cities, with Associate representation in 45 cities, 60 team members and 10 Strategic partners. Riskpro can assist your organization in various services provided through our 4 verticals of Advisory & Assurance, Technology, Trainings and Recruitment.

For more details, please visit our website www.riskpro.in or email us at info@riskpro.in