California Consumer Privacy Act (CCPA)

Personally Identifiable Information (PII) of consumers plays a key role in business practices. Enterprises dealing with data of Californian consumers are required to take relevant measures to address the privacy concerns of end-users during data collection. The CCPA, inspired by the EU’s General Data Protection Regulation, came into effect on January 1, 2020, stressing the need to protect personal data of a business’ customers.

What is the CCPA?

The California Consumer Privacy Act is a state law that protects the identity information of consumers in California and restricts corporate selling and processing of their data. The law states privacy and data sharing regulations for businesses providing services to residents in California. Enforced on July 1, 2020, CCPA is the only comprehensive privacy law in the US.

What Does it Mean to Consumers?

Under the CCPA, Californian residents have specific rights for the personal data they share with corporate entities. As per the law, businesses are subject to a set of data protection standards that they must adhere to while associating ties with customers. Below are listed the main rights given to Californians according to the law:

The Right to Know

Consumers have the liberty to know what PII is collected and used by the business. The right also extends to users knowing about sharing and selling of certain parts of personal information to business associates of the corporation.

The Right to Opt-out

As per this section, consumers have the right to stop a business from providing third-party access to their data. Individuals below the age of 16 are required to provide a request for opt-in, while minors below 13 need a guardian’s consent to proceed.

The Right to Delete

The CCPA allows Californian consumers the right to have their identity information removed. This rule is applicable in the following circumstances:

• If the consumer’s PII was collected by the business
• The service provider no longer has any reason for holding personal information regarding the client, mentioned in the Cal. Civ. Code Sec. 1798.105
• If the business is not entitled to maintain personal information defined in the “general exemptions” section under Cal. Civ. Code Sec. 1798.145

The Right to Non-discrimination

This non-discrimination rule does not allow corporate entities to discriminate between different consumers. Below is a list of activities that are defined as discriminatory as per CCPA guidelines:

• Varying prices based on the customer
• Denial of services
• Altering the quality of goods
• Suggesting the consumer will receive a different price range

A business’ actions are not considered discriminatory in case it denies a consumer’s request to know, and request to delete or opt-out.

What Entities are Affected by the CCPA?

For-profit businesses that handle the personal information of Californian consumers are subject to regulations under the California Consumer Privacy Act. According to the law, these entities have the following characteristics:

• Business-to-consumer contracts with individuals based in California
• A gross income of $25 million or more per year
• The company shares the personal information of more than 50,000 consumers in a span of one calendar year
• 50% or more of the business’ total sales come from selling consumer data

What is CCPA Compliance?

Service providers and entities defined by the CCPA are required to comply with the privacy protection and data processing guidelines. CCPA compliance not only protects consumer data but also adds value to the company profile, increases customer value and credibility. California’s Attorney General (AG) is responsible for making sure entities in the state practice the regulation. A case of non-compliance can result in a penalty of $2500 per violation, and a fine of $7000 after the negligence hasn’t been corrected within a time of 30 days.