Staying Ahead of The California Consumer Privacy Act
The pendulum continues to move towards protecting the consumer
Remember the GDPR? Of course, you do, it has laid the foundation for what is being touted as the strictest privacy law in the United States. It was signed into law as Assembly Bill 375 by Governor Bill on June 28, 2018, and expected to become enforceable by 2020. California Consumer Privacy Act is modeled after the European Union General Data Protection Regulation (GDPR) with an intent to protect California residents from all form of data breaches. It is expected that CCPA will mark the beginning of a stricter consumer privacy law in the United States. For now, CCPA, as enacted by the State of California, will open doors for other states to take a regulatory and watchdog route as regards consumer privacy in the United States.
Watch the Video from Jeff Stanislow, CEO of Chief Internet Marketer on the CCPA.
Compliance with CCPA may come easier for companies that are already in line with the requirements of GDPR. Not like it will be a walk over for these firms, but meeting the requirements of CCPA will not pose much of a threat. CCPA is also expected to help take a regulatory stand at the Federal level in given internet users the security and privacy they have always longed for. This is not the first time in history that the State of California will be ahead of others in matters relating to personal liberty and freedom. In 1972, California amended the constitution to fill a gap in the California constitution and the Bill of Rights. Right in the second sentence of the California Constitution, the issue of privacy was addressed;
“All people are, by nature, free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”
You will notice that privacy is an issue that is of utmost concern to California voters and residents. Today, California has found itself at the forefront of technological proliferation and development as it houses tech giants; Google and Facebook. Which is why issues bothering on the collection, gathering, and marketing of California Residents’ data.
- The Where
California Consumer Privacy Act is a response to a ballot initiative by a California real estate developer, Alastair Mactaggart. Currently, a Federal privacy protection law is absent in the United States.
However, there is a need for privacy regulations due to the evolving needs of the people. What we have presently are sector-specific privacy regulations such as Children’s Online Privacy Rule and the Health Insurance Portability and Accountability Act (HIPPA).
There are no encompassing regulations on data collection, storage, breach notification, and data access subject as obtainable in Canada and the European Union through PIPEDA and GDPR, respectively.
Mactaggart hopes that CCPA will create a sense of responsibility in businesses that make use of consumer data.
- Who is CCPA Intended For?
There is a more significant focus on large businesses and corporations who functions relying on consumer data. It’s a two-way focus; businesses who due to their size and net worth have access to consumer data and those who trade consumer data.
To be more specific, CCPA targets businesses with an annual gross revenue in the range of $25 Million, those who have access to not less than 50,000 or more per personal data of California Residents, devices and households, and more importantly, have 50% of their annual revenue from the sale of California Residents data.
The implication is that even if your company does not have any contact with consumer data, by the sheer size of your revenue, you must still stay compliant to the dictates of CCPA.
- When Will CCPA Be Active?
While the debate of CCPA by legislators, privacy activists, lobbyist, and private sector is still active, the final regulation is expected to be published on or later than January 1st, 2020 with enforcement expected to commence by July 1st, 2020.
It is stated that enforcement will be active six months after the regulations are published. This means that if the rules are published on January 1st, 2020, then implementation goes live six months after.
As a business, please note that the six-month window is never a grace period as enforcement can commence immediately the regulations are published.
- What Is CCPA Going To Be Protecting?
If you have an understanding of EU’s GDPR, then you are abreast of the regulations of the CCPA. The CCPA is more a like transparency principle that gives consumers knowledge of how their data is being collected and what it is being used for or will be used for.
It will be about California residents knowing the kinds of data companies have on them, and the categories of data collection. The important aspect of CCPA focuses on the rights of residents upon understanding these data to opt out of the sale and prevent the future gathering of data on them.
To be able to trigger these transparency principles, Californians will need to understand the opt-out mechanisms, disclosures, and types of notices available with the new regulation.
- How Will Defaulters Be Penalized?
Of course, there will be defaulters. Despite the long period available to companies to stay within the dictate of GDPR, there were still several defaulters after all. The CCPA is not enforceable yet, and details are still being ironed out through public forums and legal department.
For now, the California Attorney General can impose between $2,500 and $7,500 on defaulters. It may appear meager, but considering the over 39 million California residents, companies could find themselves wallowing in privacy debts and damages.
The Future of CCPA and Privacy Laws in The United States
California may have been the pathfinders, but several other states are already devising means of protecting their residents’ data. What this means for businesses is that they will have themselves faces with 50 different privacy regulations; a multilayered regulations problem in addition to international requirements.
While 2020 may seem distanced, it is better for you as a business to start making efforts from now. It will be a matter of scampering for safety when CCPA becomes active six months from now.
Learn more about Privacy in the CDMP Module