CCPA Data Privacy Regulations For Residents Of California

Author: Ayruz

What is CCPA?

The California Consumer Privacy Act of 2018 (also referred to as the CCPA) is a data protection act designed to protect the data privacy rights of citizens residing in the state of California. It allows consumers to force companies to tell them what personal information they have collected, which gives consumers more control. It also lets consumers force companies to delete that data or to stop sharing it with third parties.

When does the CCPA go into effect?

The California Consumer Privacy Act (CCPA) will have a significant global impact, like the General Data Protection Regulation (GDPR). This California state law was passed in June 2018; however, it doesn’t go into effect until January 1, 2020. The scope of its enforcement is for the Attorney General of California to specify no later than July 2020.

Who does this affect?

Primarily, the CCPA applies to three types of companies:

  • All companies in the world that serve California residents and have at least $25 million in annual revenue.
  • Companies that obtain the personal information of at least 50,000 California residents, households, and/or devices per year.
  • Companies of any size, which don’t have to be based in California or have a physical presence there to fall under the law but are related to California in one way or another, for example through a regional office or customers.

What is important in CCPA?

When the CCPA goes into effect, consumers will gain additional rights concerning the personal information that companies gather about them, such as their name, address, location, and websites frequented. In particular, the consumer will be allowed to:

  1. Know what personal information companies are collecting about them.
  2. Say no to the sale of their personal information.
  3. Access their personal information that is collected.

Companies are required to provide equal service and pricing to customers who exercise their privacy rights. This ensures that companies do not treat customers differently, by raising prices or discriminating in the services provided, if they ask about their personal information.

What are the penalties for non-compliance?

The CCPA is enforced primarily by the California attorney general, who may seek civil penalties of up to $2,500 per violation or up to $7,500 per intentional violation. The law, however, also provides a private right of action for certain data breaches arising from violations of California’s data security law. Affected California residents can seek $100 to $750 in statutory damages per individual per incident or actual damages, whichever is higher.

What happens if your company is not in compliance with the CCPA?

Companies have 30 days to conform with the law once regulators inform them of a violation. If the issue isn’t fixed, there’s a penalty of up to $7,500 per record.

Is CCPA the same as GDPR?

Both laws give individuals rights to access and delete their personal information, require transparency about information use, and necessitate contracts between businesses and their service providers. However, the CCPA covers fewer businesses and affords broader rights to a more limited class of individuals than the GDPR. While both the CCPA and the GDPR require detailed privacy notices, the required content of those notices differs. A privacy policy that meets the requirements of the GDPR will likely not satisfy the CCPA’s requirements. The CCPA requires different privacy policy disclosures compared to the GDPR, including disclosures about data sales, using a broad definition of “sale.”
