If you’ve seen notices about the California Consumer Privacy Act (CCPA) on some websites recently, you might be wondering if your business needs to do anything about this new regulation.
What is it?
The CCPA took effect on January 1, 2020. It provides consumers with the right to know what data is collected about them by a business, and the right to have that data deleted. It also affirms the right to opt out of the sale of personal information, requires opt-in for young consumers, and prohibits discrimination against individuals who exercise these privacy rights.
The regulation specifies quite a list of compliance actions and procedures for businesses. However, it does not apply to all businesses.
Who must comply?
Your business must comply only if it meets one or more of the following descriptions:
- Annual gross revenues exceed 25 million dollars
- 50% or more of annual revenues come from selling consumers’ personal information
- Sells, and/or shares for commercial purposes, the personal information of 50,000 or more consumers, households, or devices annually
If your business appears to meet or approach one of these three categories, and if any data of California residents is involved, then you should immediately assess your status with regard to the CCPA, and take appropriate actions for compliance.
What if we’re already GDPR compliant?
Businesses that comply with the EU’s GDPR are not necessarily in compliance with California’s regulations; the CCPA has additional requirements.
To learn more, visit the State of California website.