Following the approval of the General Data Protection Regulation (GDPR) by the EU Parliament, California has passed its own data privacy legislation, known as the California Consumer Privacy Act (CCPA). This law affects businesses that collect personal data. So what does the CCPA mean for your business?
What is the California Consumer Privacy Act?
In short, the CCPA requires businesses to protect the personal information they obtain from California consumers. When the legislation goes into effect on January 1, 2020, businesses will need to implement privacy policies and security protections that further ensure consumer rights.
According to the CCPA, consumers have the right to the following:
- To know all data being collected and why
- To refuse the sale of their information
- To have their data deleted
- To opt-in before the sale of information of children under 16
- To know when data is shared with third parties
Businesses have 45 days to respond to consumer requests, and any damages that occur due to a breach can cost a business up to $7,500 per customer.
Who Does the CCPA Affect?
Any business that earns $25 million in revenue each year, sells 50,000 consumer records per year, or gets 50% of its revenue from selling personal information must follow CCPA guidelines. Although this means that most small businesses are excluded from the CCPA, small businesses can still be held accountable. All business owners need to start thinking about how consumer data is handled within their company.
What If My Business Isn’t In California?
With the passing of the GDPR and now the CCPA, other states are being prompted, including Mississippi, Hawaii, Maryland, and Massachusetts, to consider something similar. Even if your business is not in California or the EU, the laws may still apply to you if you have customers there.
With the CCPA in place, businesses will especially need to change the way they collect and handle consumer data from California. It’s best to move in the direction of handling all customer data in the same manner in compliance with the CCPA.
How to Prepare for the CCPA
Get an early start to give your business time to understand and fully prepare for the privacy regulations. Many businesses are already reviewing personal data processing and information security. Here are some of the things you can start doing to prepare your small business.
- Post a notice on your business website disclosing what information is being collected by your business, how it’s being used, and to whom it will be sold, if applicable.
- Create a simple opt-out process for the sale of personal information.
- Be prepared to delete all personal information if the customer requests that you do so.
No matter what state you operate in, as a business, protecting consumer information should always be a priority. By taking the initiative now to prepare for the future, you will be ready to respond to consumer inquiries about their data and earn the trust of your customers. Take this opportunity to improve the safety and protection of your consumer data. Talk with our digital marketing experts for more information on how to put these practices in place.