Do you do business in California? Do you generate more than $25M in revenue?
As currently written, the CCPA is a confusing piece of legislation. It requires certain things from certain companies, depending on the types of data being processed, and the purpose for processing that data. It references other, existing California statutes that deal with the maintenance of customer records, unauthorized loss of data, and breach notification. Were you aware of these existing obligations for compliantly conducting business in California? Are you aware of the interplay between old laws and new ones?
The CCPA requires organizations to tell California residents when their personal data is being collected and what it’s being used for. Consumers also have the right to:
- Access the personal information that organizations collect or process about them
- Request that organizations delete their personal data under certain circumstances
- Request that organizations don’t sell their personal data to third parties
The CCPA took effect on January 1, 2020, and enforcement began on July 1, even in the face of COVID-19-related complexities.
Now its successor, the CPRA, will be going into effect on January 1, 2023. The CPRA effectively replaces the CCPA and bolsters privacy protections for California consumers.
CCPA Links: Californians for Consumer Privacy | CA Attorney General’s webpage | California Consumer Privacy Act of 2018 | ACSM CCPA Readiness Assessment
For example, did you know that your website may be required to state “Do Not Sell (Or Share) My Personal Information,” and that you need to be able to implement any changes in your business to support the request (potentially including a toll-free phone number)? This means that your organization may need to monitor cookie compliance, allow opt-out of targeted advertising, and negotiate contracts with data service providers. This is where ACSM can help! We excel at defining and implementing the best changes to your specific business processes.
Also under the CCPA, similar to GDPR’s Data Subject Access Requests, your business will now need to be able to support verifiable consumer requests. ACSM has deep experience with these processes and demonstrated compliance for companies implementing these changes in the most lightweight and adequate ways.
Are you already GDPR compliant? ACSM can help you get to CCPA compliance in short order, and prepare for the upcoming CPRA. There are key differences in the legislative construction, intent, and implementation of these similar but distinct regulations on the processing of personal data.
Did you know the average cost of a data breach is nearly $3.9M, with a cost of $150 per record lost? This is per the annual IBM/Ponemon report (https://www.ibm.com/security/data-breach). Under the CCPA/CPRA, this figure could increase to $750 per consumer per incident. These new California laws also give a private right of action to affected consumers. Are you protected from liability?
If you are new to privacy compliance, then we might recommend starting with a quick privacy assessment to help you understand any gaps and prepare for making adjustments to the new standards.
We can also provide the needed technologies and processes to help you streamline your Incident Response and Breach Notification processes, no matter where you do business.