A new data privacy law came into force on January 1, 2020. It affects companies and organizations that gather and use personal information and data about California citizens. The California Consumer Privacy Act (CCPA) is created to provide residents of California better control over their personal information. This is done by requiring organizations to become transparent regarding any data that they gather and store about their consumers.
CCPA – What is It?
The California Consumer Privacy Act (CCPA) refers to the data protection law enacted by the State of California. This was done as a response to the growing concern of the public regarding the current and possible abuse of personal data use. CCPA offers the residents of California better control and visibility over the information that applications and websites gather about them. Up to $7,500 in fines may be levied for every violation.
The personal data covered by the CCPA includes:
- Data directly provided by the users through online forms
- Data collected using tracking tools as well as other related technologies
This could mean huge fines for different sizes of companies as we take into consideration the number of consumers which could be affected by this new act. It also complements current existing privacy regulations in the state, including the California Online Privacy Protection Act (CalOPPA), while also introducing new requirements across the following main areas:
What You Need to Know
One thing that you should be aware of is that you have the right to know. This is particularly applicable when companies start collecting personal data and selling information. Residents in California have the right to know and ask about whether their personal data is sold by organizations and companies. They also have the right to remove their names from the list of such a sale. In order to do so, companies need to make the process of opting out as straightforward and simple as possible. This could come in the form of a link for ‘Do Not Sell My Personal Information’ located in a visible place on your website whenever personal data is collected.
This link will bring the user to a page on the website where instructions are provided, along with the assurance that data is not sold. If a request is made by a consumer, they should not be discriminated by changing the price or quality of service or deny them access to your service. These actions will not only have a negative impact on the reputation of your business, but they will also be violating CCPA provisions, and you will be fined for this.
With this new act taking effect, organizations and companies will only be able to sell the data they have collected if the consumers have given their prior consent in doing so. This applies to California residents below the age of 17. Consumers aging 13 to 16 can also provide consent to the sale of their personal data. However, for children below 13 years old, they need to obtain the needed consent coming from their parents or guardian.
Consumers in California are provided with the right to access the personal data collected by companies about them. This means that they also have the right to request the deletion of their data. This can also be declined by the organization under specific conditions, especially when there is a need to keep their data so as to meet other requirements of the law.
With this in mind, we can take into consideration the challenges that this right has presented to organizations and businesses. Personal data of customers may be stored in a wide range of mediums for storage. For example, a cloud is a popular option for storing data. One reason for this is because of its scalability, while it has also become common among companies to store data in multiple cloud systems. Determining and reporting the data of a single user in those repositories is something that would need immense effort.
Companies need to provide users with different ways of submitting their requests. One such method is by providing a toll-free phone number. It is also up to the company to verify the identity of the individual who makes the request. It is up to the company to track the data of the users when they make such requests.
Organizations and companies experience a clear advantage when they are prepared for this new regulations in privacy. In fact, some have discovered that this approach has further opened up the possibilities of driving new revenue. This is not only by acting as a differentiator amidst a privacy-conscious market, but also by assisting in the reduction of long-term use of IT resources. At the same time, complying with the act and avoiding expensive fines can also prove to be a huge help to the company.