A Brief Guide to CCPA

The California Consumer Protection Act

The California Consumer Protection Act (CCPA) is designed to enhance data privacy rights and consumer protections for the citizens of California and comes into effect on January 1, 2020. Although it's been over 2 years since the bill has been ratified, many companies are still not sure if and how they will be affected.  

Here's a brief overview of everything you need to know.

What is the purpose of CCPA?
CCPA has several goals. Firstly, it establishes the users' right to know whether any of their data is being collected, sold, or disclosed. Secondly, under CCPA, companies will need to provide the user with the ability to access or delete their data, or simply say no to its sale. Finally, users who exercise these rights will be protected from any discriminatory actions taken against them.

Under CCPA, what is the definition of user data?
CCPA goes further than GDPR in protected not only individual, but also household information. Accordingly, personal information is defined as any information that "identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers."

Nonetheless, publicly available information is not protected.

Who is affected?
CCPA applies to any for-profit business that does business in California and has annual gross revenues over $25 million or possesses data pertaining to at least 50,000 devices, households, or consumers or earns more than half of its annual revenue from selling consumer data.

What changes need to be in place by 2020?
Aside from protecting consumer rights, CCPA requires relevant companies to make it easy for consumers to decide how their data is being used. For example, an opt-out form must be made available on the website homepage as well as toll-free number for data access requests, at the bare minimum. For users who have opted out of sharing their data, companies must wait at least 12 months before asking for additional opt-in consent.

What happens if I violate CCPA?
Fines will range up to $7,500 for each intentional violation and $2,500 for unintentional violation. In the event of a security breach, companies can be fined between $100 and $750 per Californian user, in addition to any other court-ordered damages.

For more information or to request a CCPA audit, please contact Silent Breach today.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.