As part of the TrustArc Privacy Insight Series Webinars, Beth Sipula, Senior Privacy Consultant at TrustArc, presented “California Consumer Privacy Act: What you Need to Know”. This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here. In this webinar, Beth discussed the California Consumer Privacy Act (CCPA), which is set to go into effect January 1, 2020. She covered CCPA’s background, who it applies to, key changes and recommendations on how to prepare for compliance.
The CCPA was passed by the State of California on June 28, 2018. All in-scope businesses will need to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the January 1, 2020 deadline.
Who does the CCPA apply to?
Beth explained how the CCPA will apply to businesses worldwide if they, or an entity they control or that controls them, receive personal information from California residents, either directly or indirectly, and meet one or more of the following criteria:
- Annual revenue over US $25 million
- The entity annually receives, directly or indirectly, the personal information of 50,000 or more California residents, devices, or households
- 50% or more of its annual revenue is derived from the sale of personal information about California residents
Much like the GDPR, there will be harsh penalties for businesses that fail to comply with CCPA. Beth talked about how businesses are subject to civil action by the California Attorney General’s Office and can face penalties of up to $7,500 per intentional violation or $2,500 per unintentional violation. The CCPA also provides a private right of action to California residents where their personal information is subject to unauthorized access, theft, or disclosure.
In the webinar, Beth listed the key requirements under the CCPA. She expanded on how businesses will now have obligations relating to the following: individual rights; data portability; deletion; disclosures about sharing/selling; opt out/opt in; non-discrimination and financial incentives; transparency; and personnel training.
Beth reminded viewers that those who have helped their companies prepare for the GDPR compliance date know the importance and benefit of starting early. Creating processes to manage these new and ongoing compliance obligations under the CCPA will be a large undertaking for any company in scope. Beth explained TrustArc’s 10-step plan to determine readiness and prepare to comply with the key changes required by CCPA. Similar to the efforts many companies undertook to comply with GDPR, CCPA will require companies that do business in California, in technology and many other industry sectors, to be accountable for their data handling practices in order to address a broad scope of individual rights similar to those under GDPR.
This webinar had even more best practices, tips, and recommendations for CCPA, which you can see on demand here.