With the continued rise in consumer data breaches and big data companies selling customers data without any kind of regulations, the privacy concerns are growing in general and the state of California has passed the California Consumer Privacy Act (CCPA).
It starts to take effect on the 1st of January 2020.
The CCPA focuses exclusively on data collection and privacy and is roughly in line with the provisions of GDPR. The law explicitly mentions that it’s in response to the misappropriation of Facebook data of at least 87 million people by Cambridge Analytica.
KEY COMPONENTS OF CCPA
According to the text of the consumer privacy act, which is also known as AB-375, the law gives Californians the right to:
- Know what personal information is being collected about them;
- Know whether their personal information is sold or disclosed and to whom;
- Say no to the sale of personal information;
- Access to their personal information;
- Equal service and price, even if they exercise their privacy rights.
Companies that fit the following descriptions have to honor those rights granted to Californians:
- Businesses with annual gross revenues of at least $25 million;
- Data brokers and other businesses that buy, receive, sell or share the personal information of 50,000 or more consumers, households, or devices;
- Business that get the majority of their annual revenue from selling consumers’ personal information.
The CCPA gives citizens the right to bring a civil action against companies that violate the law and stipulates that damages will be between $100 and $750 or higher if more damage can be proven.
Plus, the state can bring charges against a company directly, levying a $7,500 fine for each alleged violation that isn’t addressed within 30 days.
Prepare, and prepare now! With GDPR running since May 2018 and the California Consumer Privacy Act of 2018 coming into force in less than a year, marketers must prepare for these new consumer rights to unprecedented access to their data.
“While the California legislation doesn’t reach quite the same scale as GDPR, an overwhelming majority of businesses will be impacted by the nature of conducting business in California, and it is inevitable that other states (like Georgia) — and perhaps even the federal government — will follow suit in pursuing similar laws in the 18 months ahead,” said Jonathan Lacoste, Jebbit’s president and co-founder.
“While some American businesses could get away with delaying their response to GDPR, they cannot afford to delay here. We’re seeing countries outside Europe and North America catch on, too, like India, which recently introduced a data privacy framework.”
This “privacy parade” is long overdue, Lacoste said, and it is necessary because it will force companies to do what is right and what consumers deserve. “California’s action should provide the impetus companies need to shift their behavior,” he added, “but it will likely be the federal government that will ultimately wield enough power to hold businesses accountable.”
It’s important that you start thinking solutions for your company, don’t wait until the last minute. Preparation is the key to successfully honor these rights and deliver a good service to your clients and their data information.
Also the GDPR is similar so you can search for examples and how Europe is in compliance.