California Consumer Privacy Act - FAQ
Here are some facts you should know about CCPA.
What is the California Consumer Privacy Act (CCPA)?
The CCPA, a landmark privacy law became effective on January 1, 2020. As of this date, consumers are be able to demand that companies disclose what personal data they have collected about them and ask companies to delete that data.
The CCPA allows consumers to force companies to tell them what personal information they have collected. It also lets consumers force companies to delete that data or to forbid them from sharing it with third parties. Meanwhile, companies will have to do more to tell consumers upfront about what data they collect. Those companies will also have to put a button on their website that allows consumers to state they do not want their personal data sold, and further demand a company delete their data if asked to do so.
What the CCPA means for businesses?
The CCPA applies only to large companies or those that make the sale of data a core part of their business.
More specifically, there are the three types of businesses that are covered:
- Companies with more than $25 million in gross revenue
- Businesses with data on more than 50,000 California consumers
- Firms that make more than 50% of their revenue selling consumer data (i.e. data brokers)
What are the risks of non-compliance?
The CCPA calls for penalties of up to $7,500 for each intentional violation and $2500 for those lacking intent.
In the end CCPA (like GDPR) will change how companies view data. In the past, firms adopted a "data is gold" mentality and made an effort to collect as much personal information as possible, but that is now changing, and CCPA will force companies to reconsider what data the collection, and be more careful of how they retain it.