CCPA: A Real Roller Coaster for Business Entities
One huge change in 2020 is the new data privacy law called the California Consumer Privacy Act or CCPA, which is effective from January 1st, 2020. Its results are expected to have impacts far beyond California State.
The CCPA is considered as Calfornia’s equivalent of Europe’s General Data Protection Regulation (GDPR). Signed by Governor of California in 2018, the CCPA grants California residents new online privacy and consumer protection. Even if you aren’t a resident of the Golden State, it may affect you.
What is CCPA and What it’s going to do?
This Act is going to give residents of California the right; to know what personal data is being collected on them and for what purpose is their data is used, who the data is sold to or shared with. They will also have the right to request that their data is not sold to third parties and could be deleted if requested. Furthermore, it also gives citizens the right to access their data collected online.
Even if your business doesn’t have a physical presence in California but you conduct business with residents of the state, then the CCPA may affect you too. While the CCPA is California’s state law, customers and businesses all across the united states will likely benefit.
Most businesses won’t want to deal with the extra overhead of applying to different privacy rules; one for California and one for the rest of the country. Just like the GDPR isn’t directly applicable to non-European countries, it paves the way for new data protection regulations across the globe. CCPA it’s self is inspired by GDPR and will now likely serve as an inspiration for other such laws.
Businesses Affected by CCPA
CCPA will affect the businesses selling products or rendering services to the residents of California. If your company buys or sells data on at least 50000 California residents each year, you are obliged to disclose to those residents what you are going to do with their data and they also have the right to not sell their data.
Moreover, companies generating revenue equivalent to, or more than $25 million or get 50% or more of their annual revenue by selling customer information are affected by the CCPA.
Firms that need to Comply with CCPA
Businesses operating online and collecting any sort of customer data needs to comply with CCPA. Following are some businesses that must comply with CCPA regulations:
Identity Verification Services
As identity verification requires sensitive identification data on customers, the verification services are most vulnerable to data breaches and need to place stringent checks on how to protect customers’ data. CCPA requires that all identity verification services implement their privacy policies amid Califonia Consumer Privacy Act.
Social Media Platforms
Being an important part of customers’ online journey, social media is a preferable platform for targeting the audience of interest. Different social media sites are used to advertise products and services and data available on social media platforms, even though mostly unstructured, contains sensitive information. Mostly personal data from social media platforms are bought and sold without prior user consent and which is why CCPA is going to affect social media platforms.
Are Businesses Ready for California’s New Consumer Protection Act?
As with GDPR, no one’s certain about what it means to be compliant with CCPA. With the start of a new decade, the law is in effect and it looks like consumers, businesses and even the regulatory authorities in California are not ready. Draft regulations for enforcing the act is still to be finalized at the state level.
Despite a lot of concerns before it’s official adoptions last year, GDPR went smoothly at least swifter then what was expected but the CCPA is likely to be a greater compliance challenge. Being the United States’ first data privacy law that gives customers control over their data, the CCPA is expected to create a lot of uncertainties.
Most online companies view the CCPA as being in their long term interest as it’s the first step towards data privacy. The companies, however, are not quite sure whether the law is comprehensive enough to cover all the data protection aspects and deal with all the challenges faced by firms and customers online.
Anyhow, California’s Attorney General says that even though widespread enforcement of CCPA isn’t likely until July, companies shouldn’t consider the first six months as a grace period. He further said, “We are going to help companies understand our interpretation of the law.”
Seeing the hesitations and all the uncertainty built around the implementation of CCPA, businesses consider it to be a real roller coaster ride for both the regulators and the firms that aim to comply with CCPA.