Consumer privacy and the way companies manage personal data are top-of-mind subjects for much of the world after the GDPR was enacted and enforced. While the European Union has placed formalized actions for the regulation of how data is stored, collected, and transferred, the United States has still not enacted any formal regulations nationwide.
Recently California enacted its own comprehensive privacy law, the California Consumer Privacy Act (CCPA). This act will significantly limit how organizations handle, store, and use consumer data. The CCPA requires businesses to be more transparent, which includes giving consumers the ability to delete collected data as well as providing them with the option to opt-out of the sale of their information.
Like GDPR compliance, many of the CCPA’s provisions require the disclosure of data collected or sold over the preceding 12-month period. Full compliance with the CPPA will require significant resources and planning or lead-time to ensure coverage. While the law does not go into effect until January 1, 2020, the requirements resulting from this change should become a critical priority for your business. Companies should be prepared to not only take steps for compliance in 2019 but also should have a plan in action to monitor ongoing additional legislation.
While the CCPA seems to be a looming cloud over all businesses, there are a few factors that need to be met in order for your company to fall under the scope of the CCPA. First and foremost, your business needs to operate in California or collect information from California residents. If that is the case, you need to consider additional factors. Does your company have the data of a minimum of 50,000 California residents? Does your business generate 50% or more of annual income from the resale of consumer data? Finally, does your company incur annual gross revenues more than $25 million a year? If you currently conduct business in California but do not meet any of the standards above, then your business should not feel the larger ramifications of the CCPA.
While the effect of CCPA may not directly impact your current business, it is wise to stay proactive with a secure data protection strategy. Ensure your customer and employee data is in trusted hands and consider a certified, compliant shredding partner such as PROSHRED® Security. Trained and certified staff provide on-premise document, hard drive and other electronic equipment destruction with a customized plan that works best for you.Contact your local PROSHRED® Security team today to begin.
Find a PROSHRED® Location