The California Consumer Privacy Act (CCPA) AB 375 will come into effect on January 1, 2020. The CCPA was created with the same intention as of the EU’s well-known General Data Protection Regulation (GDPR). This will keep a check on the way businesses collect private information online from the California-based citizen.
As per the new AB 375 allows all/any California consumer can openly demand to see any/all of the information a company has collected & saved (online/offline) about them. The consumer can also ask to have detailed information about the way this information will be used by the companies and further the information about the third parties, with whom this saved data will be shared anyway. Incase any consumer feels a threat to his privacy or finds a company violating the defined privacy laws, he can sue the company.
The CCPA empowers the Californian consumers with these following rights to:
A PwC-sponsored survey of CIOs at companies with at least $1 billion in revenues conducted by a third-party firm the first week of October found that 43% will spend over $10 million getting ready for the California Consumer Privacy Act (CCPA)—with 20% topping $100 million.
Legal, for-profit entities that operate in California and collect consumers’ personal information will be responsible for complying to the CCPA if they meet any of these stipulations:
NOTE: The Act is not for companies based in California or have a physical presence in the US. All companies who serve California consumers and collect data in a way or another fall under this law.
The CCPA defines the personal information of any consumer that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” The ‘Personal Information” includes
Further, personal information could include educational information, family background, professional history, and so on. The definition of ‘Personal Information’ in CCPA is quite broad and covers almost every bit of information about California’s residents.
If your business is already GDPR compliance, then it’s a cakewalk for you to get compliance with the CCPA. In case you were not following GDPR, it could be a tough call for you, as you need to start from scratch, but believe us, it is now vital to follow CCPA guidelines.
You need to have a good overall plan for carrying the CCPA’s security and privacy laws. Here is what you need to practice, to go hand in hand with the upcoming CCPA rules.
After checking the personal data and their permissions, work on the data security measures. You should limit the data access to those who actually need that data in performing their job. This is known as ‘Role-based Access Controls.’
Implement a data security program to have a full-time check on any outside threats or unauthorized access to the personal data saved.
Continuously review and check permissions to maintain the data integrity, data security, and privacy of the personal data saved.
Keep an eye on any possible or new cyber threats and adjust privacy and security settings to keep your database safe.
You are never done with CCPA, go back to Step 1( the groundwork), to see how data is saved, and organized and then follow the rest of the jobs. To be compliant with CCPA or any other such standards – you always have to make sure that you understand how and if it is relevant.
If you are practicing recommended automation practices such as progressive profiling, form optimization, data cleanups, and data security, etc. you will never feel a burden to comply with any data guidelines.
In case you need any help with getting yourself ready for CCPA or GDPR or any assistance to understand digital data privacy regulations, we can support you. Write to us at [email protected]