Compliance Services
October 06, 2021
4 minutes
CCPA stands for California Consumer Privacy Act and is a digital protection law that covers four major areas:
The CCPA is part of a larger trend toward data protection as consumers give companies more and more information to store, much of which is confidential, identifiable, and sensitive.
These laws have come shortly after some well-known data breaches which resulted in large businesses and organizations selling collected data without the knowledge of the consumers.
Passed in 2018, the CCPA became the most comprehensive privacy law in the US in order to give consumers more control over how their data is stored to protect their data from being bought and sold without consent.
The CCPA gives California residents a few important rights when it comes to how companies can use their data:
What qualifies as personal information is defined within the CCPA as information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
In layman’s terms: almost any statistics, data, actions, or pieces of knowledge that can be linked to you.
The CCPA also gives Californians a limited ability to sue businesses when their personal information has been compromised, via a data breach, for example.
It also gives the Attorney General power to sue on behalf of the residents and levy substantial financial penalties.
At an individual level, the CCPA impacts residents of California.
For businesses, every entity that operates and has consumers who are resident in California must abide by the law, regardless of which state they are based in.
In addition to that, for the CCPA to apply, a business must meet any one of these three criteria:
If a business meets one of these qualifiers, they must meet the requirements of the CCPA when doing business with Californians
The good news for small to medium-sized businesses (SMBs) is that the above qualifications are designed to protect you.
Because if you do not meet one of those qualifications, you are not required to be compliant with the privacy requirements of the CCPA.
Essentially, your business with Californians can remain the same.
Similarly, the CCPA does not apply to you if you don’t do any business in California.
But be wary that if you do meet one of the qualifications, having just one Californian customer means you must comply with the rules set by the CCPA.
If you’re confused, you are not alone. Be sure to consult with experts in the field to ensure you’re compliant if you must be. If not, you could face hefty fines.
For companies who are required to become compliant with the rules set by the CCPA, you may be asking yourself ‘what is CCPA compliance?’ It’s important that every business knows exactly what is required of you. Here is a quick rundown of what CCPA compliance means for SMBs:
The CCPA isn’t the only privacy-focused law passed in California.
In 2003, the California Online Privacy Protection Act (CalOPPA) was passed and was the first state law in the United States to require that commercial websites which collect personal information post a California-specific privacy policy that must include certain content as explained in the bill itself.
The CCPA, coming in over a decade later, took it even further by giving consumers the right to delete previously collected data and to opt out of future data collection from online companies who conduct business online.
Another example of privacy laws is the General Data Protection Regulations (GDPR) created in the European Union in 2018.
The GDPR gives European Union citizens a significant amount of control over their private data on the internet. Specifically, it changed the way that websites can acquire consumer consent in order to obtain data. The regulations outline the guidelines for how a website must communicate how personal data will be used and institutes requirements for proof of user consent.
Though the CCPA, CalOPPA, and GDPR are all different in their definitions and protections of user data, they do have one major thing in common: they affect the way people around the world do business with people living in these regions.
In the future, digital privacy laws won’t be limited to California and Europe.
Don’t get left behind, consult with an expert today to learn what your business needs to do to stay compliant with the latest laws and regulations.