
January 10, 2020 | Lucy Penn

What Does the California Consumer Privacy Act (CCPA) Mean?

The CCPA came into effect on January 1, 2020 to help enhance the privacy rights of California residents.

In short, it takes a broader view than the GDPR of what constitutes ‘private data’; however, it will likely have more repercussions for US companies than the GDPR.

What is it?

It will enable any California consumer to obtain all of the data a company holds on them, as well as a list of all the third parties that the data has been shared with. If privacy guidelines have been violated then consumers will be able to sue companies.

Who needs to take action?

“All companies that serve California residents and have at least $25 million in annual revenue must comply with the law. In addition, companies of any size that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data, also fall under the law.”

https://www.csoonline.com/article/3292578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html

It’s important to note that companies don’t have to be based in California, or even the US, to be subject to the law.

The CCPA grants Californian residents:

  • Knowledge of what personal data is collected about them
  • Knowledge of whether their data is sold or disclosed, and to whom
  • The right to say no to the sale of their personal data
  • Access to their own personal data
  • The right to request that a business delete personal information it has collected from them
  • The right not to be discriminated against for exercising their privacy rights

Sanction and Remedies

If a company commits a violation, it will have 30 days to become compliant. If the issues aren’t resolved, it could face a fine of $7,500 per record. There are other sanctions, and it’s likely that fine amounts will change.

What Action Needs to be Taken?

Companies must have a ‘clearly visible’ footer on their website offering consumers the option to opt-out of data sharing. Companies must also state how they collect data and be able to access copies of that data should a consumer request this.

Companies serving/employing Californian residents may have to consider these:

  • Data inventory and mapping of in-scope personal data and instances of “selling” data
  • New individual rights to data access and erasure
  • New individual right to opt-out of data selling
  • Updating service-level agreements with third-party data processors
  • Remediation of information security gaps and system vulnerabilities

How is PageSuite Co-Operating?

We are enabling clients to add additional sections within the settings menu on their Digital Editions and apps, to house Privacy Policies, opt-out links and general information on CCPA.

We are also able to implement custom cookie tracking to ensure that clients adhere to the new guidelines, such as not tracking user data for personalized adverts if users have opted out.

If you have any specific requirements to ensure that you are compliant with the CCPA, please speak with your Account Manager.