The California Consumer Privacy Act (CCPA): What You Need to Know

Before you assume that the CCPA will not affect you because your business is not located in California, know that companies both inside and outside of California will be affected by its requirements.

Do I need to be CCPA Compliant?
The California Consumer Privacy Act (CCPA) will apply to businesses worldwide if they, or an entity they control, or that controls them, receive personal information from California residents, either directly or indirectly, and meet one or more of the following criteria:

  • Annual revenue exceeds US $25 Million
  • The entity annually receives, directly or indirectly, the personal information of 50,000 or more California residents, devices, or households

CCPA at a glance: 

  • CCPA law passed June 2018 (following the footsteps)
  • Will go into effect Jan. 1, 2020


What does the California Consumer Privacy Act do? 

1. Gives You Ownership

Protect your right to tell a business not to share or sell your personal information.

2. Gives You Control

Gain control over the personal information that is collected about you. 

3. Gives You Security

Hold businesses responsible for safeguarding your personal information.

Comparing Privacy Laws: CCPA vs. GDPR

What to know about CCPA

CCPA Background
  • The State of California passed the California Consumer Privacy Act (now known as the CCPA) on June 28, 2018.
  • Slated to go into effect January 1, 2020, the CCPA is set to be the toughest privacy law in the United States.
  • The CCPA broadly expands the rights of consumers and requires businesses within scope to be significantly more transparent about how they collect, use, and disclose personal information.
  • All in scope businesses will need to enhance their data management practices, expand their individual rights processes, and update their privacy policies by the January 1, 2020 deadline.
CCPA Sanctions for Non-Compliance
  • Under the CCPA, businesses are subject to civil action by the California Attorney General’s Office and can face penalties of up to $7,500 per intentional violation or $2,500 per unintentional violation.
  • The CCPA also provides a private right of action to California residents where their personal information is subject to unauthorized access, theft, or disclosure.
  • If the California Attorney General’s Office declined to bring an action, residents could bring a private action, where businesses would face paying between $100 and $750 per resident or incident (regardless of whether actual damages are shown).
Do I need to comply with CCPA?
  • The CCPA will apply to businesses worldwide if they, or an entity they control or that controls them, receive personal information from California residents, either directly or indirectly, and meet one or more of the following criteria:

    - Annual revenue exceeds US $25 million
    - The entity annually receives, directly or indirectly, the personal information of 50,000 or more California residents, devices, or households

    - 50% or more of its annual revenue is derived from the sale of personal information about California residents

    Notably, “Personal Information” and “Sale” are given expansive definitions under the CCPA, which greatly increase the scope of businesses to which CCPA will apply.

CCPA Key Requirements

Data Portability

  • If the specific data elements of personal information are provided to the requestor electronically, to the extent technically feasible, they must be provided in a readily transferable electronic format.

Deletion

  • Individuals may request to have their personal information deleted.

Disclosures about Sharing/Sale

  • Individuals may request an accounting of the disclosures, including sale, of personal information made to third parties; this significantly expands upon the existing California “Shine the Light” law.

Opt Out

  • Individuals may object to the sale of personal information about them.

Opt In

  • Minors or their guardian must affirmatively authorize the sale of the minor’s personal information.

Non-Discrimination and Financial Incentives

  • Businesses may not discriminate against consumers for opting out of the sale of their personal information.
  • Businesses may not deny products or services or offer differential pricing or rates, unless directly related to the value of the data to the consumer.
  • Businesses may offer and enter into fair and transparent financial incentive programs for the collection, sale, and disclosure of personal information with informed consent of consumers.

Transparency

  • The online privacy policy or other web-based notice must disclose the categories of data collected, sources from which data is collected, purposes for which the data is used, categories of third parties with whom data is shared, information about individual rights and how to exercise them, as well as the data collected, sold, or disclosed within the prior 12 months.

Training

  • Specific communications and training obligations for responsible personnel.

Failure To Meet Compliance Standards Can Result in Fines

About MDS

Maureen Data Systems is an IT services and solutions company committed to developing custom, streamlined solutions for customers to achieve their business objectives.

MDS structures its highly skilled engineers to align with how our customers consume technology—with one team responsible for infrastructure, another heading up productivity and applications, and a third committed to identity and security solutions.
