Does My Portal Need To Be CCPA Compliant?
What You Need To Know About The California Consumer Privacy Act (CCPA)
The California Consumers Protection Act was signed into law on June 28, 2018, by Governor Jerry Brown. Learn how the CCPA will affect your business, website, portal, and customers.
Note: The information contained in this article is provided for informational purposes only and should not be construed as legal advice.
What is CCPA and What Does CCPA Stand For?
CCPA stands for California Consumers Protection Act 2018. It is the most recent personal data protection law passed by the State of California as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.
The California government leads among the US states in passing laws aimed at protecting its residents' right to privacy.
When does the CCPA take effect?
The CCPA goes into effect on January 1, 2020, with enforcement beginning July 1, 2020.
Who does CCPA apply to?
The CCPA applies to every company in the world if:
- They collect personal data of California residents
- They (or their parent company or a subsidiary) exceed at least one of the three thresholds:
  - Annual gross revenues of at least $25 million
  - Obtaining personal information of at least 50,000 California residents, households, and/or devices per year
  - At least 50% of their annual revenue is generated from selling California residents’ personal information
If your business meets any of the above three thresholds and interacts with California consumers, you will need to account for the requirements in the law.
What is personal data according to the CCPA?
CCPA defines personal data as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This law differs from others by including household information in the scope of the definition of personal data.
Personal information may include but is not limited to name, email address, biometric data, IP address, Internet of Things information, geolocation data, professional or employment information, and other information.
Publicly available information is not considered personal information under the CCPA.
What are the penalties for non-compliance?
Non-compliance with the CCPA puts you at risk of huge fines. You can expect the Attorney General to initiate a civil case against you if you remain non-compliant 30 days after being notified about it. This brings a risk of being fined up to $7,500 per violation.
This means that if you violate the CCPA-guaranteed rights of 1,000 users, you might receive a fine of up to $7,500,000 in total ($7,500 × 1,000 users).
If your business meets any of the criteria mentioned above, you will need to account for the requirements in the law to ensure you are CCPA compliant. Please contact your lawyer with respect to any of the matters discussed here.
Here are some helpful resources if you want to learn more about the requirements outlined within the CCPA.