CCPA and What It Means For Your Business
January 3, 2020
Data privacy has been top of mind for consumers and legislators alike over the course of the past several years. As the number of privacy scandals has grown among internet giants and GDPR has gone into effect, many have wondered when similar legislation would reach the US. In January 2020, the first of law of its kind on data privacy will take effect in California under the newly passed California Consumer Privacy Act.
What is CCPA?
The California Consumer Privacy Act, or CCPA, is the first piece of legislation of it’s kind to reach the US. Like GDPR in Europe, CCPA is a new piece of legislation on internet data privacy that is set to go into effect in January 2020. While lawmakers are working toward a federal data privacy law, most experts agree that it is unlikely that there will be one by the time CCPA goes into effect. However, there are still changes to come to CCPA as it stands, as amendments to the law are still being debated by legislators.
CCPA will apply to for-profit businesses that collect and process personal information of California residents and those who do business in the state. Much like GDPR, the definition of “personal information” covers a broad spectrum under CCPA. Defined as, “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
What changes will you need to make?
Businesses that will need to comply with CCPA will have several changes to make to their websites in order to be compliant with the law come January. Some of the things businesses will need to add to their websites are:
- A disclosure notifying consumers of what personal information is being collected, how it is being used, and to whom that information is being potentially sold.
- An opt-out for consumers to elect not to have their information sold to a third party. Consumers under the age of 16 must have to opt-in rather than opt out to have their data sold and users under 13 years of age will require a parent or guardian permission.
- The ability for consumers to request their personal information be deleted at any time. Businesses must also clearly notify consumers that they have this option.
- Businesses must post a clear “Do Not Sell My Personal Information” link on their homepage for California residents to opt out.
It is also important to note that there is a section of the law that prevents businesses from discriminating against consumers who do opt out. However, it allows businesses to charge a different price or level of service to customers who opt out as long as “that difference is reasonably related to the value provided to the consumer by the consumer’s data.”
How will CCPA impact your business?
In a departure from what has been set by GDPR, CCPA will give consumers a private right of action and the ability to file either individual or class action lawsuits. This covers personal information that is “is subject to an unauthorized access and exfiltration, theft or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices.”
The law also states that consumers are able “to recover damages in an amount not less than one hundred dollars ($100) and not greater than seven hundred and fifty ($750) per consumer per incident or actual damages, whichever is greater.”
For businesses that meet the compliance requirements, there are penalties for failure to comply either intentionally or unintentionally.
KSA&D can help!
Now that the compliance deadline is here, it’s important to get your business ready to avoid any potential issues. KSA&D is here to help! If your business meets the compliance requirements for CCPA (or if you’d like to find out if the law will impact you), take action! Give us a call! Our web development experts are ready to make sure your website is up to date well ahead of the deadline.
Read the full legislation here: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375