March 25, 2020

CCPA: Guide to New Privacy Laws in California

The California Consumer Privacy Act went into effect January first. Find out more about the CCPA in this guide to new California privacy laws

The California Consumer Privacy Act, or CCPA, is a new piece of personal privacy legislation that will go into effect on July 1, 2020. The law was first introduced back in 2018, but the state gave companies two years to prepare for it to be implemented. 

Like the European General Data Protection Regulation (GDPR), the CCPA is designed to help individuals protect their personal information from being sold by companies in California. Of course, this means that the law is actually pretty complicated. Here's what you need to know about California's new privacy laws. 

Which Companies Are Affected by The CCPA? 

The CCPA applies to any business that works with Californians. This means that even Canadian or European companies that sell products or services in California have to abide by the law. However, the law only applies to consumers from California

The CCPA applies to any company that meets at least one of the following criteria:

  • Makes more than $25 million in annual gross revenue
  • Buys or sells the personal information of at least 50,000 people or households
  • Makes more than 50 percent of its annual gross revenue from selling personal information to other companies

What Do These New Privacy Laws Mean? 

The CCPA means that companies will need to alter their website. They will have to provide links and information to their consumers that allow them to reach out and see or delete the personal information that companies have collected about them. The provisions are as follows: 

  • Update privacy policies to include the rights of California residents.
  • Include ways for people to submit access requests for their data, including at least a toll-free phone number
  • Include a link on the home page of the website that lets people opt-out of having their information sold.
  • Implement methods to request parental consent for people who are under 13 years of age, and to ask for the consent of those aged between 13 and 16 before sharing their information
  • Companies have to wait a full year before they can ask consumers to opt-in to having their information collected and sold

What Are The Penalties?

It's not clear what the state of California will actually pursue in terms of penalties. The CCPA says that companies can be fined up to $7,500 per violation of the law, with a single individual's data counting as one violation. This means that the potential costs could be huge if several hundred people have their data collected in violation of the law. 

Companies will have a 30-day grace period to rectify a violation after they've been notified by the state. 

Keeping Your Data Safe Is a Constant Battle

The CCPA and other privacy laws make it easier for individuals to keep their data anonymous, but they don't always keep data safe. Businesses and people are always at risk of having their information stolen by illegal actors. That's why it's important for your personal and work computers to be properly secured. 

Want more information on how to keep your company's data secure? Get in touch with us for a free demo of our eGuardian® platform for your workforce. 

privacy laws