The California Consumer Privacy Act or CCPA was enacted in 2018 and took effect in 2020. The CCPA is a state statute intended to enhance privacy rights and consumer protection for the residents of California. It granted data privacy rights to all California residents and it forces businesses to provide information about what their data is being used for and gives them more control over their personal information. Many consumers are not aware that their data is being shared or sold. Businesses will have to honor requests for opt-outs of sharing or selling their information.
What is the CCPA?
The CCPA applies to certain businesses. The CCPA specifically applies to businesses that have over $25 million a year in sales or receive the personal information of 50,000 or more residents, households, or devices each year. The CCPA also applies if a business derives over 50% of the annual revenue from selling California resident’s personal information. Businesses have to let customers know that they're collecting data. They also have to give an option for the customers to opt-out. Complying with opt-outs has to be completed in a timely manner.
Who Must Comply with the CCPA?
The CCPA does not apply only to California companies, but also companies that are calling into California and doing marketing for them, a company needs to make sure that they have these guidelines in place. The fines can range from $100 to $750 per incident. Consumers don’t have to prove that they incurred financial loss, they only have to show that a company violated that law. Picture a marketing company that is contacting tens of thousands of customers and not doing so correctly. They could be hit with a hefty fine. These fines add up fairly quickly for anyone contacting a large number of people.
A good practice for businesses should be to start looking at these laws and start working towards sound data handling practices. There are already some copycat laws from other states. California will be used as a baseline as it rolls across the country and businesses should plan on building these compliance features into their platform and business.