California Consumer Privacy Act (CCPA)
What Is the California Consumer Privacy Act?
The California Consumer Privacy Act (CCPA) is a new California privacy law that will go into effect on January 1st, 2020. The CCPA came into being as Facebook became a key player in the Cambridge Analytica data breach debacle of 2018. As consumers gained unprecedented awareness of the power and pervasiveness of data collection, a slew of tech giants in Silicon Valley, most of whom collect, use, and resell consumer data, were put under tight scrutiny.
While the state of California was placed under intense pressure to protect the interests of consumers, a ballot measure gathered momentum. The measure, which was backed by around 600,000 voters, imposed restrictive limitations upon businesses. To deflect it, California lawmakers expedited the passing of bill AB 375, which came to be known as the CCPA.
This bill somewhat softens the harsh requirements imposed by the ballot measure, and it is easier to modify, but that does not make the CCPA lenient. As it is currently written, it is the strictest data privacy law yet to be passed in the United States. Businesses that are ready to comply with Europe’s GDPR are not necessarily ready to comply with the CCPA. Read on to find out about the details of this law, and how it affects your business.
Protecting Offline Data
Undoubtedly, the CCPA has a strong focus on digital data. Since it came into existence in a state that hosts several “tech giants” that usually deal with vast amounts of consumer data, that is to be expected. However, all businesses leave a paper trail: think of contracts, tax documents, policies, blueprints, spec sheets, contact forms… When it comes to limiting the liability of your business and securing the data of your employees and clients, you need to schedule professional shredding services and professional hard drive shredding services.
How Does the CCPA Affect My Business?
The keyword here is scope. Several conditions need to be met in order for the CCPA to have any effect on your business.
The first set of conditions is geographical: your company does business of any kind within the state of California, and it collects or directs others to collect personal information from California residents. That is not enough, however, for the CCPA to apply to you. At least one of the following conditions needs to be met:
- The company has annual gross revenues higher than $25 million.
- The company handles data on at least 50,000 California residents.
- The company generates more than half of its income from selling consumer data.
If your business is not currently affected by the CCPA, it is still wise to take progressive action towards compliance, especially if you plan on growing the company. Privacy laws can only become more commonplace; other states in the U.S. are already working towards creating their own regulations.
What You Need to Know About the CCPA
The CCPA affords consumers five key rights regarding their data. The first four rights concern the data of the customer, while the fifth right ensures that businesses cannot discriminate against consumers based on whether they have exercised any of the first four rights. Learn more about them below.
Right to Access
Consumers can request the categories and specific personal information collected about them in the last 12 months, and receive it within 45 days in a readable, shareable format. Businesses don’t need to comply more than twice every 12 months.
Right to Know
Consumers can request the sources from which personal information is collected, the commercial purposes for which the information is collected, and the third parties or business categories with whom the information is shared.
Right to Opt-Out
Consumers are able to request that businesses cease selling their data to third parties. In the case of minors under the age of 16, written authorization from a parent or guardian needs to be obtained before selling any personal data.
Right to Delete
Consumers can ask for their personal information to be deleted within 45 days of their request. Doing this is not mandatory if the personal information is vital to providing goods or services to the consumer, or if it is needed in the public interest.
PROSHRED® Security Is Your Compliant Shredding Partner
The last step in protecting the private information of your customers and employees is to destroy sensitive documents, hard drives, and other electronic equipment that you need to discard. The best way to do that is through a certified, compliant shredding partner like PROSHRED® Security. Our certified staff is ready to assist you with your shredding needs whenever you want. The process is done on your premises for maximum security, and you will receive a certificate of destruction.