Back on June 28, 2018 the state of California passed the California Consumer Privacy Act. This law helps protect consumers’ privacy rights within the state. It’s somewhat similar to the European General Data Protection Regulation, also known as GDPR. The CCPA goes into effect January 1, 2020 and businesses need to be prepared for the changes. But how does this affect you and your company?
The CCPA affects businesses that collect personal information of individuals residing in California. It also gives Californians the right to sue a business if a data breach compromises their personal information. Unfortunately, the buildup to the effective date has left many businesses in the dark. ESET polled 625 executives and business owners to get a feel for their readiness regarding the new law, and almost half had never even heard of the CCPA. Of those who were aware of the law, less than 12% knew whether the law was applicable to them or not. The remaining 34% were unsure of what they must change.
This law was passed at a time when data breaches were high. An astonishing 6,500 reported breaches affected more than 5 billion records in 2018, making it the second-most active year for these types of events. Affected companies included Facebook and many others. As a business owner, it’s important that you understand the ins and outs of the California Consumer Privacy Act in order to be able to protect your business.
What is the CCPA?
The California Consumer Privacy Act is a bill which requires businesses to put new policies and procedures in place to protect personal information, including privacy policies, security protections, and facilitation of consumer rights. The CCPA protects the following consumer rights:
- Right to refuse the sale of their information
- Right to request deletion of their data
- Right to know all data collected on them
  - Includes data categories and why it’s being acquired before it’s collected, as well as any changes to collection
- Right to know the categories of third parties with whom their data is shared, and those from whom their data was acquired
- Mandated right to opt-in before the sale of information of children under the age of 16
- Private right of action in the event of a breach, in order to ensure companies keep their data safe
The Attorney General of the State of California enforces the CCPA. If a consumer requests any of the above, the business has 45 days to respond to the consumer’s request. In the event of a breach, any damages caused by the breach are limited to $750 per incident, per consumer. The official CCPA also allows businesses a 30-day window to amend any violations. However, they must prove they’ve been amended and that no more breaches will occur. Otherwise they could face penalties of up to $7,500 per intentional violation.
How Does the CCPA Affect Small Business?
This bill applies to for-profit businesses that collect the personal data of consumers, do business in the State of California, and meet the following requirements:
- Earns more than $25 million in revenue per year
- Has possession of the personal information of 50,000 or more households, consumers, or devices
- Derives 50% or more of its annual revenue from selling personal information
- Including businesses which collect or sell personal data from California consumers regardless of where the company is located
Most small businesses bring in less than $25 million in revenue per year. For companies with fewer than 100 employees, the average revenue is actually much closer to $7 million, according to QuickBooks. So while it may seem like most small businesses are exempt from the bill, they should still take care to prepare for the changes. In fact, the CCPA encourages small businesses to get ahead of their future growth by evaluating how they protect personal data within their business.
California Consumer Privacy Act Goals
The overall goal of the new law is to raise the bar when it comes to consumer rights by emulating the EU’s GDPR. However, the lack of awareness is staggering and implies that there will be a general lack of compliance, which may result in hefty financial penalties. It’s important for businesses to have stringent practices and processes in place when it comes to consumer data protection. California is just one state; however, we expect that other states will pass similar laws across the country over the next several years. Nevada, New York, Washington, and Texas are all introducing similar consumer protection bills, and a federal privacy law is under consideration as well.
This means that it’s extremely important for all businesses to get on board with protecting consumer data so they don’t find themselves scrambling when it comes time to do so. A good place to start is by reviewing business areas such as:
- Personal data processing
- Information security
- Honoring access requests
- Any other applicable rights or requirements
These new regulations provide businesses with an opportunity to improve security and operations.
All businesses should strive to follow consumer protection laws, even if they don’t quite meet the requirements. With ever-changing laws, working toward compliance now will make an adjustment at a later time less stressful. For those businesses that do meet the CCPA requirements and those that don’t but wish to begin their compliance journey, here’s what they’ll need to do to be CCPA compliant:
- Give customers a link to a web page titled “Do Not Sell My Personal Information” allowing consumers to opt out of the sale of their personal data
- Offer two or more ways to submit information requests, including a toll-free phone number as well as a web page
- Give consumers the option to have their personal information deleted completely and to direct any service providers to delete personal information for the consumer from their records as well
When a resident of California makes an official verified request to a business, that business must answer the request by disclosing the following, either electronically or by mail:
- Specific pieces of personal information collected about the consumer
- Categories of personal information collected about the consumer
- Business purpose of collecting or selling the information
- Categories of sources from which the information was collected
- Categories of third parties to whom the information is sold or with whom it is shared
Reliable Data Collection You Can Trust
With so many data collection companies in existence, it’s important to understand who your company can trust. No matter the size of your business, you want to ensure any consumer data you use complies with all state and federal laws. This is something you can count on when working with DataMasters. We make every effort to ensure our data is up-to-date and compliant with each law. Consumer protection is of the utmost importance for both the consumers and the companies collecting the data.
Data is a vital component in reaching target customers, and one of the best ways for small companies to use data is with targeted mailing lists. But the last thing any business owner wants to do is put their own company at risk. This can happen by using data that was obtained or sold out of compliance with the law. If you’re in need of targeted mailing lists to reach new potential customers, then call the data experts at DataMasters. They can assess your needs and offer you a variety of options that meet your needs while still complying with all consumer protection laws on both the federal and state levels. We want to bring customers and companies together in a way that truly benefits both parties.