What The CCPA Does For You Online

    As from January 1, 2020, the California Consumer Privacy Act came into effect as America’s first privacy law aiming at improving how much control data subjects have over their data and force them to be more transparent with how they process personal consumer data. Personal data, in this case, extends to usernames, physical addresses, contact information, IP addresses, and device identifiers.

    The new law empowers consumers to access the data that companies have collected on them, demand that it can be deleted, and prevent it from being sold to third parties. CCPA is currently one of the most progressive and firmest data protection laws in US history, mirroring similar principles as the General Data Protection Regulation (GDPR) in Europe.

    What Is The CCPA?

    The California Consumer Privacy Act (CCPA) is state legislation enacted to strengthen privacy rights and consumer protection for California residents. Its initial propositions were from a California entrepreneur who understood the limitations of data privacy laws, including the Shine the Light Law and the California Online Privacy Protection Act, as technology and social media companies were able to gather and sell their user’s personal data for targeted online marketing.

    What initially began as a voter initiative passed approval in the two chambers to become legislation aimed at protecting the collection and use of personal consumer data. Entities with an annual revenue threshold of $25million conducting business in California or with Californians should comply with the provisions of the Act.

    Impact Of The Law To Internet Users

    CCPA act

    Under the provisions of the CCPA, California residents have the right to know the categories of information, including specific bits of information a company has collected, such as contact addresses and IP addresses.

    The disclosure requirements could extend to all internet users across the globe and not just to Californians. It is hard for companies to alienate California residents only; hence will be forced to apply the requirement across borders.

    In many ways, CCPA will strengthen data security features that some companies such as Facebook have complied with, such as the GDPR.

    Rights Granted Under CCPA

    CCPA protects data privacy for Californians by granting them the right to;

    • Delete personal information held by businesses and related parties
    • Know the type of personal information collected and how it is used, shared, or sold
    • Opt-out of the sale of personal information and prevent discrimination in regards to prices and services in the event a consumer opts put
    • Provide opt-in consent for children under the age of 16 and guardian consent for those below 13 years

    Compliance Steps And Guidelines

    CCPA act

    Businesses covered under the provisions are expected to comply with the requirements provided under the Act in regards to data privacy before July 1, 2020, when the enforcement begins. The following steps act as a guide towards compliance

    • Familiarize yourself with the CCPA Requirements

    The most crucial step towards compliance is to understand each requirement of the CCPA to know the scope of your business covered. Based on the nature of your business in terms of revenues, business activity, and data handled, you will narrow your compliance scope. Taking time to read and understand the entire document will save you time and resources for when the audit commences in July

    • Consider CCPPA Context

    Your compliance checklist should include an overview of all other frameworks you comply with, in particular, the GDPR, with the aim of overlapping the requirements. Invest in good compliance software to help you compare and contrast the various compliance efforts so that you do not omit requirements in context.

    • Map Your Data Flows

    Mapping your data means conducting an in-depth analysis of knowing the source of your information, what form it takes, and where it is disseminated and used. In particular, check your vendors, business partners, and third parties to know if they comply with legal requirements as their non-compliance can trickle down to your organization. Understand your data assets and data flows before proceeding to answer any customer request to access and delete their data. An insight will financially cripple your organization.

    • Convene Your CCPA Team

    CCPA is complex and trying to breakdown every requirement will be a complex and daunting task for your employees. Convene a team of risk and compliance professionals, legal staff, IT experts, human resource leaders, and security teams to help your employees understand the provisions of compliance.

    GDPR requires organizations to have a data protection officer to aid in the compliance process, and since CCPA is technically GDPR Lite, it would be in the best interest of your organization to have an expert to aid in compliance.

    • Legal implications

    Non-compliance to the requirements of CCPA attracts civil fines of $2,500 per violation and /or 7,500 if the violation is deemed intentional. To file a lawsuit against a company that has violated your consumer rights, you must be able to prove beyond a reasonable doubt that the company’s lack of reasonable security procedures and practices required to be applied to that information caused the breach of the data.

    Starting July 1, 2020, the office of the attorney general in California is mandated to investigate and charge companies suspected to be in violation of the law. Before charging the business, the AG must give the company 30 days to become compliant failure to which the injunction and civil penalties are applicable.

    What Is Next?

    CCPA act

    California, through CCPA, benchmarked data privacy laws in the United States. Many states are following suit to get their own data privacy laws. This puts a greater responsibility on companies gathering their user’s data, making them accountable for any mishandling.

    CCPA will not only empower users but also dissociate them with collected data in the event that it is to be used, thus helping in anonymizing data. With the increasing awareness for data privacy across the globe, more data privacy acts will come into existence.

    Until then, CCPA and GDPR continue to act as essential pillars of data privacy, paving the way for the global fraternity to come up with unified laws regarding data security.


    Recent Articles

    The Agile Team’s Project Toolbox

    Modern project managers not only deal with increasingly complex teams but also a marketplace in constant flux. Success depends on the ability...

    How will the Future of eLearning Look Like? 4 Technologies Ruling in 2020

    When we think about education, does this mean that we will eventually live in a world where learning feels more like a...

    Looking For Switch Designs? 5 Reasons To Upgrade To NEO Today

    Are you moving to a new house planning to renovate your current home or a business facility? No matter the kind of...

    Top 7 Definitive Ways to Spy on Snapchat

    Snapchat is definitely becoming a rage and coveted app with teenagers and social media enthusiasts.  From being a promising medium for data...

    Why are people investing in Fresh Singapore fruit delivery to your doorstep

    In the past few years, the only way to buy fresh fruits was to visit your local seller. Today, the internet has...

    Related Stories

    Stereo Maxine
    A longtime digital entrepreneur, Steve has been in digital marketing since 2010 and over the past decade, he has built & executed innovative online strategies for leading companies in car insurance, retail shopping, professional sports, and the movie & television industry.

    Leave A Reply

    Please enter your comment!
    Please enter your name here