What is the California Consumer Privacy Act?

By Sally Maeng

qimono / Pixabay

Societies are becoming more digitized. This makes collecting consumer data — such as name, age, and email address — a vital element for businesses. Potentially adding to the stress is the California Consumer Privacy Act (CCPA) which comes into effect on January 1st, 2020.

The CCPA’s goal is to give customers more information and control over how their personal information is being used. It will apply to businesses that target California residents and California-based customers (basically, anyone who pays taxes to the State of California).

The CCPA requires businesses to get consent before collecting customers’ personal information. Business must disclose the following before or at the time of collecting customer data:

  • The type of personal information you seek to collect
  • The source or medium used to collect personal information
  • The purpose of collecting and selling personal information
  • The type of third-parties that will receive personal information

Upon customer’s request, businesses must share this information along with the customer’s personal data. Businesses must also delete customers’ personal information upon request in most situations.

Another important clause is that businesses must offer a “Do Not Sell My Personal Information,” opt-out choice. For customers under age 16, this has to be an opt-in choice. Furthermore, businesses can not discriminate against customers based on their personal information.

The CCPA requires businesses to be transparent in how they handle customer’s personal information. Failure to comply can lead to a fine up to $2500 per violation or $7500 if the violation was intentional. Additionally, infringing the CCPA can damage a business’ brand. Consequently, being aware of the CCPA is crucial for your business’ success.

What similarities does this have with GDPR?

Both the CCPA and GDPR are similar because businesses must be transparent. Businesses must disclose the following to their customers:

  • Which personal information is being collected.
  • How personal information is being collected.
  • Which third-parties will have access to personal information.

They are also alike in that these regulations apply to businesses outside of the EU and California. However, they are different in that the GDPR is more broad while the CCPA narrowly focuses on privacy rights.

The GDPR focuses more with how personal information is processed. It regulates disclosures that need to be made (like the CCPA). It also addresses particular procedures, like how businesses should handle a data breach (unlike the CCPA).

Under the GDPR (and not the CCPA), businesses must seek consent before making automatic decisions based on personal information.

The GDPR focuses on comprehensive privacy and security practices. Meanwhile, the CCPA emphasizes on maintaining customer’s consent.

Nonetheless, it is important your business carefully examine both laws. While the GDPR can appear more extensive, following the GDPR will not lead to complying the CCPA. For example, the GDPR asks for an opt-in privacy option while the CCPA requires an opt-out. LoginRadius’ experience with handling global regulations and can ensure your business complies to various data-related mandates.

What steps do businesses need to take to get ready?

Preparing to follow the CCPA can feel overwhelming. In fact, almost half of 250 surveyed American companies haven’t started with implementing appropriate privacy policies (<a target="_blank" …read more

Read more here:: B2CMarketingInsider

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge