Are You Compliant With The New California Consumer Privacy Act?

As we look back on the passing of another decade, and the vast technological advancements that were made during this short period of time, it’s no surprise that the laws have also been slowly evolving to respond to our new reality.  In this technological age, information has become the biggest commodity.  Governments are creating laws aimed to protect the personal information of its citizens and alters how businesses gather and use the information of their customers.   

Many businesses target the consumer-friendly state of California.  It’s important to know that California has recently enacted the California Consumer Privacy Act (CCPA) which is aimed at protecting the personal information of its residents.  The new CCPA came into effect on January 1, 2020, and will have a ripple effect on not only the citizens of California and their personal information but also on the many businesses that operate inside California or with California residents.

The new CCPA applies to major businesses that either 1) surpass a yearly revenue of $25 million, 2) buy, sell, share or receive personal information of at least 50,000 consumers, households or devices, or 3) generate half of their profit from the sale of personal data. Most businesses will fall under the second category.  For example, an e-commerce business that places cookies would need only 137 visitors per day to fall under the purview of the CCPA.  If your business meets any one of these criteria, then you will want to review and update your data privacy policies immediately to avoid paying the penalties and fines for violating the new regulations.

The five key CCPA requirements are:

  1. Data inventory and mapping of in-scope personal data and instances of “selling” data
  2. New individual rights to data access and erasure
  3. New individual right to opt-out of data selling
  4. Updating service-level agreements with third-party data processors 
  5. Remediation of information security gaps and system vulnerabilities

If your business is targeting U.S. customers and you need assistance with crafting or updating your company’s data privacy policies, contact us for more information.