In July, enforcement of the California Consumer Protection Act began and businesses that misused consumer data were effectively put on notice.
So what is CCPA?
In a nutshell, it’s an attempt by America’s most populist state to put in place stringent privacy protection laws like those found in Europe. The CCPA is designed to give consumers some recourse when companies don’t safeguard their data. Its biggest provision allows Californians to sue companies after a data breach.
Nuts and Bolts: What Is CCPA?
If you have accounts online (so everybody) then chances are you have received a notification that you are entitled to some sort of account monitoring.
It’s a far too common experience. One of the biggest breaches stung Equifax in 2017. The massive credit bureau fell prey to a hack that put 147.9 million of its customers’ data — Social Security numbers, addresses — at risk.
When these hacks make the news, it’s always millions of accounts or users that take a bath and have their personal data exposed.
Although Congress has been slow to pass sweeping consumer protections when it comes to penalizing businesses who don’t adequately protect consumer data, the state that represents the 5th biggest economy in the world was not.
Some of the CCPA’s consumer rights include the right to know all data and it doesn’t matter where or when the data was collected or bought. The consumer can also ask for the data to be deleted or that it not be sold.
The consumer, according to the CCPA, also has the right to opt-in before the information of children under 16 can be sold.
California’s Attorney General’s office is mandated to enforce the CCPA but the law states that if a breach does occur, consumers have the right to take legal action, according to the AG’s website.
How Will the CCPA Effect Businesses?
CCPA regulations don’t impact all businesses. Small businesses whose annual gross revenues do not exceed $25 million, or that does not derive more than 50 percent of its annual revenue from selling its costumer’s data are among those that do not need to seek compliance.
Although there’s plenty of consensus that the CCPA will help protect consumers, it’s also expected to sweep in companies around the country and expose them to fines and litigation.
What You Can Do
Small businesses need to understand what is CCPA data compliance, especially if their business model depends, in large part, on collecting or selling consumer information.
The full law is on the state’s website.
Also, there are online tools available for businesses to improve their privacy collection and it might be time for businesses to consider hiring a data processing consultant.
It’s a good idea for companies and individuals to constantly think about how they can secure their data, as privacy protection laws — and massive data breaches — are likely here to stay.
Read more about data protection and compliance on this website, and if you have questions about digital identity software, contact us here.