The California Consumer Privacy Act (CCPA)
What is the CCPA?
The California Consumer Privacy Act (CCPA) is a data privacy regulation that came into effect on January 1, 2020. Its main purpose is to give California residents and their households more control over their personal data. Furthermore, it holds businesses more accountable for protecting the data they collect and process.
In addition, the CCPA allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. Moreover, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.
Therefore, it is argued that the CCPA will have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that came into effect in May 2018.
Businesses Under the Scope of the CCPA
The CCPA applies to for-profit businesses, regardless of where in the world they are based, that process the personal information of California residents and meet any of the following:
- Have a gross annual revenue of over $25 million;
- Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information.
In addition, it’s important to note the CCPA does not apply to non-profit organisations or government agencies.
California Consumer Rights
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including the right to:
- Know: The right to know about the personal information a business collects about them and how it is used and shared.
- Delete: The right to delete personal information collected from them (with some exceptions).
- Opt-Out: The right to opt-out of the sale of their personal information.
- Equal Service: The right to non-discrimination for exercising their CCPA rights.
What is considered personal information under the CCPA?
Personal information is defined as information that identifies, relates to, or could reasonably be linked with you or your household. For instance, this includes an individual’s:
- Name
- Social security number
- Email address
- Records of products purchased
- Internet browsing history
- Geolocation data
- Fingerprints
- Inferences from other personal information that could create a profile about their preferences and characteristics
What is not considered personal information under the CCPA?
Personal information does not include publicly available information that is from federal, state, or local government records, for example professional licenses and public real estate or property records.
Penalties
- The California Attorney General can levy penalties and fines up to US $2,500 for unintentional and US $7,500 for intentional violations of the Act.
- Individuals can file claims for privacy loss and/or compromised identities of US $100-$750 per incident, per consumer, or actual damages if higher, for damage caused by a data breach.
- Similarly, organisations must have adequate security policies and practices in place to prevent a data breach, or they could face action from private individuals.
Achieving CCPA Compliance
CCPA training requirement – Section 1798.130(a)(6) Compliance
Section 1798.130(a)(6) of the Act requires regulated businesses to provide CCPA training to employees dealing with the California Consumer Privacy Act. These include:
- All individuals responsible for handling consumer inquiries about the company’s privacy practices – to ensure that consumer inquiries are handled appropriately under the law.
- All individuals responsible for the CCPA compliance of the business – to ensure that the individuals responsible for compliance are informed of all the requirements of the specific sections identified. This means ensuring that those responsible for executing the CCPA compliance program have quality training and knowledge of the law to meet this requirement.
Therefore, if the CCPA affects your organisation, it is important that your employees understand it and know how to comply with its requirements.
How we can help with online CCPA training
Our online CCPA training course is designed to support your staff with what they need to know to comply with the Act. Additionally, this e-learning course provides an overview of the new measures covering data privacy brought in by the CCPA, and includes an assessment to test user understanding.
In addition, our training is fully customisable to meet your unique requirements. This could mean customising the course with your company branding, or updating the content in line with your guidance and procedures on the California Consumer Privacy Act (CCPA).
Get in touch
If you have any questions on our California Consumer Privacy Act (CCPA) eLearning, or would like to book a demo, please get in touch. You can contact us via our contact form, or email us at info@infoaware.com.