What is the new California data privacy law? CCPA: What You Need to Know for 2020

What is the new California data privacy law? CCPA: What You Need to Know for 2020

The upcoming California Consumer Privacy Act (CCPA), a new act that aims to protect consumers and their information, has been a hot topic lately. What does this mean for your business? Below, we’ve covered the basics of the CCPA, which will take effect on January 1st, 2020.

What is the new California data privacy law?
The California Consumer Privacy Act (CCPA) is similar to the General Data Protection Regulation Act (GDPR) that was passed in the EU, in that both of them were passed to protect consumers and their private data as our businesses become more technologically advanced. Think about Facebook and Amazon, which were both dealing with controversy for selling their users’ personal information to third parties.

Officially known as AB-375, the CCPA was passed in June 2018. Although it was passed in California, that doesn’t mean that businesses located in other states aren’t affected by it. If your company serves residents in California, even if you aren’t located in California or you don’t have a physical storefront, you may be required to comply.

What is CCPA compliance?
The requirements for CCPA compliance are as follows:

  • Parental or guardian consent for minors under 13.
  • Your website must include a button that says “Do Not Sell My Personal Information.”
  • Upon request, you must delete consumer data.
  • It is illegal to treat consumers unfairly based on their decisions over their data. For example, your business may not deny service or charge higher prices to these consumers.
  • There must be a way for consumers to submit a data access request, with a minimum requirement of a toll-free telephone.
  • Privacy policies must be updated to include information about the new rights of California residents.

Failure to comply with the California Consumer Privacy Act will be as follows:

  • A fine up to $7,500 for each intentional violation.
  • A fine of up to $2,500 for each unintentional violation.

Do I need to comply with the CCPA?
For the most part, the CCPA affects larger businesses. If your business meets one of these criteria, AND you serve California residents, you must comply with the CCPA:

  1. Your company makes over $25 million in annual revenue.
  2. Your company has collected personal data for at least 50,000 individuals.
  3. Your company collects over half of your revenue from the sale of personal data.

Examples of companies that will have to comply with the CCPA include Starbucks, Target, McDonald’s, and more. If you run a large shoe-selling website out of your office in New York City and you also sell to customers in California, you may need to comply with the CCPA if you meet any of the requirements listed above.

Check your CRM, email lists, and anything else where you might be storing consumer information to see if you need to be CCPA compliant.

What does the CCPA classify as personal or private information?
Personal data, as defined by the CCPA, includes but is not limited to the following:

  • Phone number
  • Social security number
  • Driver’s license number
  • Physical characteristics
  • Health insurance information
  • Name and signature
  • Address
  • Credit card or debit card number
  • Employment
  • Bank account number

What should I do if my business is required to comply with the CCPA?
Call Octadyne Systems at 515-232-2024 to get started. We’ll help you implement all the necessary actions such as a Do Not Sell My Information button, required forms, consent forms, and more on your website to make sure that you are CCPA compliant.