What is the CCPA:
The general purpose of the California Consumer Privacy Act (CCPA) is similar to the EU’s GDPR; increased consumer privacy. CCPA allows consumers to request any information that a company has obtained about them. Even if a data breach has not occurred, consumers have the right to sue a company if privacy policies are violated.
So, who does CCPA affect?
CCPA applies to companies that meet the following criteria:
– Earn at least $25 million in annual revenue; – Have personal data on at least 50,000 households, individuals, or device; – Earn 50% or more annual revenue from consumer personal data
Companies do not need to be based in California or the U.S. for that matter to fall under CCPA. Specific exemptions apply to healthcare providers and others.
What changes do Marketers need to implement?
Under the CCPA, consumers have additional rights pertaining to their data, including the power to request customer data. To comply, marketers must be prepared to…
– Share what information you collect on them – Disclose to whom you have sold or shared their information – Cease the sale of their personal information (“the right to opt out”) – Delete their personal information – Provide equal service and/or price even when they invoke their rights
CCPA does not explicitly require consumers to opt-in to allow you to collect their data, which is a critical difference from GDPR. A company that is found to be not in compliance with CCPA has up to 30 days to remedy the violation, or be faced with a $7,500 fine per record. While organizations have quite some time to prepare for these process and regulatory changes, it is critical to comply with CCPA to avoid hefty fines. Here are multiple steps that organizations can prepare in order to comply: