The California Consumer Protection Act (CCPA) is designed to enhance data privacy rights and consumer protections for the
citizens of California and comes into effect on January 1, 2020. Although it's been over 2 years since the bill has been
ratified, many companies are still not sure if and how they will be affected.
About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.
Here's a brief overview of everything you need to know.
What is the purpose of CCPA?
CCPA has several goals. Firstly, it establishes the users' right to know whether any of their data is being collected, sold, or
disclosed. Secondly, under CCPA, companies will need to provide the user with the ability to access or delete their data, or
simply say no to its sale. Finally, users who exercise these rights will be protected from any discriminatory actions taken
Under CCPA, what is the definition of user data?
CCPA goes further than GDPR in protected not only individual, but also household information. Accordingly, personal information
is defined as any information that "identifies, relates to, describes, is capable of being associated with, or could reasonably
be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique
personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's
license number, passport number, or other similar identifiers."
Nonetheless, publicly available information is not protected.
Who is affected?
CCPA applies to any for-profit business that does business in California and has annual gross revenues over $25 million or
possesses data pertaining to at least 50,000 devices, households, or consumers or earns more than half of its annual revenue
from selling consumer data.
What changes need to be in place by 2020?
Aside from protecting consumer rights, CCPA requires relevant companies to make it easy for consumers to decide how their data
is being used. For example, an opt-out form must be made available on the website homepage as well as toll-free number for data
access requests, at the bare minimum. For users who have opted out of sharing their data, companies must wait at least 12 months
before asking for additional opt-in consent.
What happens if I violate CCPA?
Fines will range up to $7,500 for each intentional violation and $2,500 for unintentional violation. In the event of a security
breach, companies can be fined between $100 and $750 per Californian user, in addition to any other court-ordered damages.
For more information or to request a CCPA audit, please contact Silent Breach today.