CCPA Compliance 101

Consumer data privacy changed across the world in 2018. In that year, the European Parliament enacted the General Data Protection Regulation. The GDPR was a sweeping update to European privacy laws that required opt-in from an individual for their data to be collected and maintained by online or commercial entities, leading international businesses to reimagine the marketing industry as a result of new consent and compliance laws relating to consumer data collection.

But this wasn’t the only crucial piece of consumer-privacy-focused legislation enacted that year that impacted global business entities. While all of this was going on in Europe, American legislators were working hard at various levels of state and national government to enact protections for consumers in the wake of the Cambridge Analytica data scandal, which revealed the actual scope of the data businesses track and the potential negative impact that disclosure of such data might cause. In this article, Apex Technology discusses one such successfully enacted piece of legislation, the California Consumer Privacy Act. Considered a more commercial-use-focused piece of legislation than its European counterpart, the CCPA has a number of compliance requirements that businesses meeting certain criteria must satisfy when operating within California and dealing with residents’ consumer data.

 

CCPA Sheds Light on the Scope of Data Collection

While businesses and organizations have been collecting and managing consumer data for years, it’s only been in the last several years that the scope and impact of this data collection have become increasingly clear. The rising proliferation of data breaches and hacks on businesses resulting in consumer privacy being compromised has led to more legislation designed to protect consumers. As one section of the legislation reminds consumers, there is little we can do in our culture that doesn’t share some piece of personal data, and as the sharing of data increases, so too should the regulations and security compliance requirements on companies that collect and maintain that data. Since its passage, the CCPA has inspired similar legislation to be drafted or introduced in at least a dozen other states. Let’s look at what kinds of companies are impacted and how they remain compliant with CCPA. 

Impacted Organizations

The CCPA applies to any for-profit business doing business in California that meets any combination of the following criteria:

  • Has $25M in annual revenue.
  • Receives 50% or more of annual revenue through the sale of California residents’ personally identifiable information (PII).
  • Buys, receives, or sells PII of 50,000 or more California-based residents, homes, or devices.

Nonprofits and government agencies are not impacted by the CCPA.   

Who is Protected and What Can A Protected Individual Request from a Covered Entity?

The CCPA only protects California residents. As a resident, you’re able to request that:

  • A business discloses what PII they have and how that PII will be used by the company.
  • The business deletes your information or refrains from selling your information.
  • You be informed, at the time of collection or prior to the point of collection, of the type of information being collected and the intended use of that data.
  • Children’s information may only be obtained for children under 16 if the child opts in for themselves (ages 13+) or their parents opt in (under the age of 13).

These protections cannot be waived, and businesses cannot discriminate against individuals who exercise their rights under the CCPA. 

How Can Apex Technology Help You Achieve Compliance?

At Apex Technology, we’ve done our homework on what our clients need to do in order to be compliant with CCPA. We’ll ensure your website includes the requisite “Do not sell my personal information” verbiage and link, and we’ll help on the back end to determine proper methods for data access requests, changes, and erasure. We’ll help establish authentication and identity verification methods and integrate methods for ensuring you’re gaining the proper consent when it comes to minors. Bottom line, we’ll help your business remain compliant while focusing on providing a managed cybersecurity approach to your site so you can continue to operate in California and focus on serving your customers. Learn more about CCPA and other legislative requirements your organization might be required to follow, and see how Apex Technology can help your business avoid costly fines.