The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. The CCPA applies to any for-profit business doing business in the state of California; collects, or processes, personal information of California residents; and meets any one of the following thresholds: (1) has annual revenue of $25 million or greater, (2) annually processes the personal information of 50,000 or more California residents for commercial purposes (as defined under the CCPA), or (3) derives 50% or more of its revenue from selling the personal information of California residents. The CCPA provides California consumers with broad data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors.
Final CCPA regulations are now under review by the California Office of Administrative Law. The California Attorney General’s Office will begin enforcing the CCPA on July 1st.
The CCPA requires that businesses subject to the CCPA (among other things):
- Disclose data collection and sharing practices to consumers;
- Provide consumers with a right to request that their data be deleted;
- Provide consumers with a right to opt out of the sale or sharing of their personal information; and
- Refrain from selling personal information of consumers under the age of 16 without explicit consent.
Enforcement begins July 1, 2020, and every business that may be subject to the CCPA should be taking proactive steps:
- Determine if the CCPA applies to your business.
- Locate and inventory personal information data to understand potential risks and responsibilities under the CCPA.
- If your business sells personal information determine if you need to comply with CCPA requirements.
- Establish or review procedures for receiving and responding to individual data rights requests and opt out requests.
- Review third party service provider/vendor contracts for CCPA issues/compliance
- Establish or review and update procedures and training to comply with CCPA.
This is not an exhaustive list, but will give you a head start if the CCPA applies to your business.