The California Consumer Privacy Act (CCPA) comes into force in January 2020 and it is important to take steps to prepare for the new legislation. Since GDPR came into force, EU consumers have developed a greater awareness of their rights pursuant to the regulations, and expect businesses to comply accordingly. The same is bound to happen in the US as the introduction of new regulations, such as CCPA, will make consumers more aware of their rights and the importance of ensuring their personal data is not mishandled.
Be prepared for:
Hypersensitivity from consumers regarding how their data is used
A stream of communications from consumers in the months following the implementation of the Act
Consumers misunderstanding parts of the Act and making demands which exceed the scope of the Act
An expectation that consumer-facing staff know the details of the Act
An eagerness to take action against non-compliant businesses
California Assembly Bill No. 375, also known as the California Consumer Privacy Act of 2018 (the “Act”), was approved and passed on June 28, 2018 and comes into force on January 1, 2020. Here we attempt to dissect the CCPA 2018 and help establish who actually is required to comply with the Act.
Who does the Act apply to?
The Act applies to any business, partnership, company, corporation or other legal entity (“business”) operating for profit that collects personal information from consumers in the State of California, but only if one of the following applies to the business:
It acquires 50% or more of annual revenue from selling consumer information
It has gross annual revenue of $25m or more
It sells personal information belonging to at least 100,000 consumers
If a business meets one or more of the provisions above, it must comply with the Act.
The meaning of data can be as broad as any information, from health records to a lunch order. Different kinds of data are subject to different laws with varying levels of severity. Data about a person’s health, for example, is subject to a strict set of regulations known as HIPAA. Here is some guidance on protecting your clients’ and colleagues’ data through five basic data privacy rules.
The key data principles
While specific rules on data can vary by state and jurisdiction, there are some basic rules that should always be followed. You need to be aware of these because everyone in an organization is responsible for protecting the data held on employees, customers and clients.
Data Privacy: Fundamentals provides all staff with a comprehensive overview of data privacy rules, policy, and legislation in the United States. The course combines short bursts of learning with practical scenarios and real-life case studies to ensure all staff know how to safely and securely work with data. Interactive scenarios test and score data privacy knowledge as you progress through the training.
A unique, experiential approach to data privacy, the Fundamentals course focuses on the practical knowledge and straightforward behaviors all staff need to know to keep data safe and secure. The course can be purchased either as a stand-alone course or as part of our data privacy training suite.
While EU businesses must now comply with GDPR, the majority of American-based organizations are unaware of the preparation it takes to be compliant with the new privacy laws that are slowly becoming the norm. California has adopted a law similar to GDPR called the California Consumer Privacy Act, set to take effect on January 1st, 2020. Our California Consumer Privacy Act whitepaper goes into more detail about the Act and how it can affect your business.
California Bill No. 375, also known as the California Consumer Privacy Act, was approved and passed on the 28th of June 2018. While it won’t come into effect until January 1st, 2020, it is necessary for all organizations involved to have a comprehensive understanding of the law’s requirements and what is expected of them. The Act is applicable to any business, partnership, company, corporation, or legal entity that operates for profit and collects consumers’ personal information from the state of California. While the Act has certain similarities to the EU’s General Data Protection Regulation (GDPR), its conditions are somewhat different.
VinciWorks has published a whitepaper that explains the California Consumer Privacy Act and gives guidance on how businesses can comply with the Act.
Many companies sent consent emails as GDPR approached in May, with many others doing so in the following weeks.
25 May, when the EU-wide General Data Protection Regulation (GDPR) came into force, is fresh enough in our minds for us to remember the countless “are you still our friend?” emails from marketers. Many marketing professionals, managers and data protection officers will also remember the panic they faced when preparing for GDPR. As the influx of GDPR emails continued to flood in and cookie notifications started to pop up with increased regularity, skepticism started to mount amongst marketers and managers alike. Have the new regulations helped or hindered businesses’ sales and marketing efforts?
Your website can be accessed from around the world
How often have you got this message when trying to access a US-based website from an EU country?