The California Consumer Privacy Act (CCPA), a first of comprehensive data-privacy legislations
in the US, was introduced in 2018 and has been enforced from January 1, 2020 by the State of
California. The legislation seeks to establish the procedure for identifying, managing, securing,
tracking, producing and deleting consumer privacy information so as to protect the privacy
rights of the users.
Scope of CCPA Regulation
CCPA includes within its ambit the entities that do for-profit business in the territory of California involving the personal data of the Californian resident where the business meets one of the thresholds:
- annual gross revenue over US $25 Million;
- receive or disclose the personal information of 50,000 or more California residents;
- or derive 50 percent or more of their annual revenues from selling California residents’ personal information.
This legislation operates for the protection of person data which has a broad interpretation, including items such as phone numbers, social security numbers, biometric information, and Internet Protocol (IP) addresses.
CCPA puts various obligations on the business entities to ensure protection of personal information from unrestrained transfers and processing.
- They are also obligated to ensure that consumers are provided the information relating to the processing of their personal data.
- In the interest of maintaining transparency consumers must be notified before or at the point of data collected that the permission is being asked to collect the specified data.
- The consumers have to be granted the right to access the personal information that the entity holds.
- It is the obligation of the entity to lay down the procedure for making requests and similarly, an opt out option for “Do Not Sell My Personal Information” must be maintained by the entity to enable the exercise of the consumer rights.
- A data Inventory has to be maintained by the entity to track data processing history.
Corresponding to the obligations laid down under CCPA, there is a provision for the imposition of penalties for accountability and compliance under the regulation. The strictness of the penalties varies with the intent, frequency and severity of the non-compliance by the entity. CCPA mandates maximum civil penalties of $7,500 for intentional violations of the CCPA whereas maximum civil penalties of $2,500 can be ordered for unintentional violations of CCPA.
Benefits of the CCPA Compliance Program
As part of our CCPA compliance program, we help you to:
- Comply with California Privacy Laws efficiently and effectively.
- Recognize, Access and Strategize Personal Data within your organization
- Adapt, Improvise and leverage your existing privacy compliance in order to comply with CCPA
- Respond to Data Subject Rights and Fulfil Business obligations under CCPA
- Policy and Notice Management and maintain data privacy structures within the organizations.