What is the California Consumer Privacy Act (CCPA)?

The California Consumer Privacy Act (CCPA) is a state law that aims to improve privacy rights and consumer protection for California citizens. The bill amending Part 4 of Division 3 of the California Civil Code was passed by the California State Legislature and signed into law by Governor Jerry Brown on June 28, 2018. The bill was introduced by Ed Chau, a member of the California State Assembly, and State Senator Robert Hertzberg, and is officially known as AB-375.

The CCPA places several duties on enterprises comparable to those imposed by the European Union's General Data Protection Regulation (GDPR). Nonetheless, a company that currently complies with the GDPR may be subject to extra CCPA duties. Consumers have a number of rights under the CCPA when it comes to their data. These rights include knowing what data is being handled and how it is being processed, the right to have personal information deleted, and the right to opt out of having personal information sold.

Consumers now have the legal right to sue if their privacy has been violated as a consequence of a data breach. It all boils down to care and planning when it comes to keeping customer details safe. Data is a valuable commodity, and the consequences of failing to keep it secure are greater than ever. To optimize protection, audit your data, examine the methods with which you manage it, and adapt your strategy accordingly. It is your job as a business to safeguard your customers' information.

Who Must Comply with the CCPA?

A company is only required to follow the CCPA if it −

  • Has annual gross revenues of more than $25,000,000

  • Handles the personal information of 50,000 or more individuals, households, or devices for commercial purposes, alone or in combination

  • Derives 50% or more of its annual profits from selling customers' personal information

While some organizations may be opposed to compliance, the consequences of non-compliance are not worth risking, especially because compliance has been observed to bring financial benefits.

What Rights Does CCPA Provide to its Consumers?

CCPA provides the following rights −

  • A right to know what personal data businesses gather, use, share, or sell.

  • A right to have personal data erased.

  • The right to prevent the sale of personal information. Children under the age of 16 must give express approval for their data to be sold, and children under the age of 13 must have explicit consent from a parent or guardian.

  • An assurance that customers who utilize their CCPA rights will not be charged higher costs or get worse service levels than those who do not.

What Information is Protected Under the CCPA?

As part of CCPA compliance, businesses must secure customer data. A company must demonstrate that the information that customers consent to share with them is safe. When customers refuse or revoke their consent, they must likewise cease collecting and sharing personal data.

Protected data, according to the CCPA, includes −

  • Names, addresses, and phone numbers

  • Passwords, email addresses, and IP addresses

  • Age, wealth, education, and political connections

  • Social security numbers, driver's licenses

  • Names and numbers of accounts, browsing history, and geolocation data

  • Product and service information, as well as any personally identifiable information

Exemptions in CCPA

Some categories of consumer information are excluded from the CCPA. The legislation, for example, exempts aggregate and de-identified consumer data that isn't linked to a specific customer or household. It also exempts certain kinds of information that are governed by other laws.

CCPA – Various Sanctions and Remedies

Companies, activists, groups, and others can exercise California residents' opt-out rights. Companies that are harmed by data theft or other data security breaches may be required to pay statutory penalties ranging from $100 to $750 per California citizen and incident, or actual losses, whichever is greater. Any other relief a court deems proper in civil class action lawsuits is subject to the California Attorney General's Office's option to prosecute the company rather than allow civil suits against it.

Each wilful violation is punishable by a fine of up to $7,500. Each inadvertent violation is punishable by a fine of up to $2,500. Liability may also apply to firms operating in other countries that export goods into California. Enforcement is handled by the California Attorney General's office and the new CPPA. In very restricted cases, the CCPA also permits private litigation.

The legislation stipulates that a firm must first be notified of a violation before any official enforcement action may be taken. Businesses used to have a 30-day "right to cure" for infractions, but that will stop in 2023 under the CPRA. If a company fails to correct the infractions, it will almost certainly face sanctions. Large-scale data breaches and audience-wide data management violations might add up to a significant sum of money. A company with only 1,300 customers, for example, might face a punishment of roughly a million dollars if its data is stolen.

Updated on: 20-Jul-2022

