What is CCPA
California has been the leader in streamlining legislation and regulations for the safety of its residents for years — specifically when it pertains to data security. That’s why it’s no real surprise that they’re the first state to develop and pass a privacy act that puts securing consumers’ personal information at the forefront.
The CCPA — which went into effect January 1, 2020 — ensures that California residents have a right to learn what data companies collect about them and to opt out of their data being collected. They also have the power to ask companies to delete any stored data and restrict the sale of their personal data. This applies strictly to California residents. While the full impact of this act is still being determined, there are a few different ways that this will directly impact US businesses.
CCPA vs GDPR
Similar to GDPR, CCPA applies to a certain group of people. GDPR impacts anyone targeting EU data subjects, while the CCPA protects California consumers. Even though the targeted individuals may be slightly different, both regulations protect natural persons as opposed to legal — or artificial — persons.
GDPR focuses on ensuring businesses are prepared for data breaches and that they take the right steps if one occurs. Instead of that proactive approach, the CCPA focuses on the penalties a business can face if it experiences a data breach. Consumers in California have the right to sue a business for losing their information in a breach if negligence was involved.
Perhaps the biggest difference is how each regulation treats opt-out requests. The GDPR does not actually include a requirement to opt out of the selling of personal data; rather, it allows data subjects to remove their consent for data processing activities and third-party marketing activities. The CCPA — however — makes sure that businesses and service providers comply with consumers’ opt-out requests and cannot sell their data for a minimum of 12 months after the consumer opts out.
3 Ways CCPA Can Impact Your Business
So, what does all this mean for your business? If you don’t currently do business with anyone from the state of California, and you don’t plan to ever do business with anyone from the state of California in the future, then it doesn’t mean anything — yet. Just as the CCPA passed fairly soon after GDPR, you can expect that most other states will follow California’s lead in the near future. Until then, you can prepare for compliance — along with anyone else doing business with California residents — by making these three changes:
2. Comply with consumers’ opt-out requests. It can be frustrating to lose valuable user data — especially when you’re trying to be helpful and show users related items that you think they may want — but it can be even more frustrating for a consumer to request that information be deleted and find out that it has not been. Respect their choice and strictly comply with regulations set by CalOPPA, CCPA, and GDPR.
In some cases, you may not be able to delete stored data because it’s being used for administrative purposes or legal reasons. If that is the case, you must respond to consumers’ requests within 45 days. This can be extended to 90 days after consumer notification.
3. Do not reauthorize the selling of personal information until more than 12 months after the consumer has opted out. A lot can change within a year, but what shouldn’t change is how you handle the data of a consumer who has opted out of your data storage and sales.
The Symphony Agency Helps You Remain Compliant
We’ve worked with hundreds of businesses across the medical, legal, cybersecurity, and HVAC industries, so we know the importance of secure data and meeting compliance regulations. We strive to help our customers become or remain compliant by implementing best practices across our website development projects.
*This blog post was written to provide general information about privacy policies and CCPA compliance. For more information, visit the links provided.