The California Consumer Privacy Act (CCPA) And How IT Affects you
The California Consumer Privacy Act (CCPA) has been signed into law as of June this year and will take effect in January 1, 2020. Have you taken the appropriate steps to hit the ground running and guarantee your compliance?
Maybe not – after all, with any new, wide-reaching regulations like this, it can be difficult to determine how you fit into it and what you need to do.
What’s the best way to start? By understanding what the CCPA is, and how it works.
What Is The CCPA?
This privacy act dictates consumer rights and company responsibilities in relation to collected consumer data.
The law, AB 375, will allow any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. The law also allows consumers to sue companies if the privacy guidelines are violated. It’s important to note that consumers can take legal action, even if no breach has occurred.
Does The CCPA Apply To Me?
If you are a for-profit organization that operates in California and collects consumer data, then you may have to comply with CCPA. If you answer yes to any of the following questions, then you must comply with the CCPA:
- Do you have annual gross revenue in excess of $25 million?
- Do you annually buy, receive for the business’ commercial purposes, sell or share for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices?
- Do you derive 50% or more of your annual revenues from selling consumers’ personal information?
How Do I Comply With The CCPA?
CCPA dictates the tracking of device and household information or offering consumers the option to opt-out of the sale of their personal information. To comply, you must understand the five core requirements involved with the CCPA, all dictating how you are to collect, store, and access consumer data, as well as consumer rights involving that data:
- Data inventory and mapping of in-scope personal data and instances of “selling” data
- New individual rights to data access and erasure
- New individual right to opt-out of data selling
- Updating service-level agreements with third-party data processors
- Remediation of information security gaps and system vulnerabilities
What Happens If I’m Noncompliant With CCPA?
Penalties associated with CCPA are severe – even up to $7,500 per customer.
Think for a minute about how many customers you deal with – budgeting for that kind of cost likely isn’t feasible. Compare it to the cost of becoming compliant, and you’ll likely see why it’s smarter to invest in compliance right now.
All of this is to say, you need to make the effort now. Non-compliance is infinitely more troublesome and costly than taking the steps to become compliant in the new year.
Is The CCPA Going To Be More Work For You?
Yes, undoubtedly. But it’s necessary. It’s designed to protect consumers and allow you to continue to make the most of modern business advantages in the digital age.
The good news is that you don’t have to handle this alone. By working with an IT company like Generation IX, you can make sure you have the skills and knowledge you need to become compliant by the time CCPA comes into effect. While you may have never had to worry about this type of compliance before, our team has the experience needed to assist in your analysis and updates to help you get in line with CCPA.
Don’t forget – last year it was Europe, right now it’s California, but soon enough? It will be everyone. Similar regulations are in the works in a number of states from Hawaii to Mississippi and New York. This is where the world is headed, and if you don’t get on board soon, you will pay the price.
Like this article? Check out the following blogs to learn more:
Everyday, I work to ensure organizations are leveraging technology to optimize their business, improve employee performance and satisfaction, and protect themselves from cybersecurity threats. I love my role in business development because it allows me to connect with all facets of a business. My primary focus is working with new prospective clients and introducing them to the Generation IX way of IT services and support. Additionally, I evaluate new technology and potential vendor partnerships. We are constantly looking for the best solutions for our clients.