January 1st, 2020 saw the commencement of America’s first data privacy law put into place – the California Consumer Privacy Act (CCPA). This is a groundbreaking bill seeks to improve the privacy and consumer protection for residents of California. What exactly does this law entail?
Nowadays, it is nearly an everyday occurrence to give out personal identifiable information such as your full name, home address, email, credit card numbers, phone number, etc. to websites. You make purchases on Amazon, you pay your bills through your bank online, you subscribe to music streaming services, you download a new app, and you browse the web in general. Control over your personal data has never been more important than now with how much of our lives revolve around the internet.
California took notice of this. January 1st, 2020 saw the commencement of America’s first data privacy law put into place – the California Consumer Privacy Act (CCPA). This is a groundbreaking bill signed in June 2018 that seeks to improve the privacy and consumer protection for residents of California. What exactly does this law entail?
According to California’s Office of the Attorney General website, oag.gov, the CCPA provides consumers…
- The right to know – Consumers may request that businesses disclose what personal information is collected, used, shared or sold by the business.
- The right to delete — Consumers may request that a business delete the consumer’s personal information held by both the business and by extension, the business’s service providers.
- The right to opt-out — Consumers may direct a business to cease the sale of the consumer’s personal information.
- Rights for minors regarding opt-in consent — Children under the age of 16 must provide opt-in consent, with a parent or guardian consenting for children under 13.
- The right to non-discrimination — Businesses may not discriminate against consumers in terms of price or service when a consumer exercises a privacy right under CCPA.
If you are a business that sells to California residents and you check off one of these three bullet points then you are subject to the CCPA regulations according to oag.gov:
- Your company has a gross annual revenue in excess of $25 million OR
- Your company derives 50% or more of its annual revenues from selling consumers’ personal information OR
- Your company buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices
Yes, you read that correctly. Even if you aren’t physically located in California, if you do business with current CA residents and check off one of the three points mentioned above then you can be on the hook. But what if you don’t meet those requirements? Why should you still be concerned about the CCPA? Here are three reasons you should still care about it:
- The CCPA is the first of its kind in America and other states will eventually follow suit. New York already proposed its stricter version of the CCPA in mid 2019. This proposition ultimately failed but will surely not be the end of states passing similar bills that offer their residents equivalent power over their personal data. Be on the lookout for the next state to get an online privacy law passed and watch as the dominoes tumble one by one – each using the CCPA as a blueprint.
- As a consumer yourself, you most likely want to have control over your data and where that information ends up. Think about how many websites have collected your name, email, phone number, and credit card numbers over the years. Truly think about the potential number of people that could have that information. The original website you gave it to, the unknown number of companies they sold it to, the potential cyber criminals, where does it stop? You don’t know where it gets sold to. You don’t get a say in it at all – for now.
- People want to do business with companies they can trust. Do you ever think twice about putting your credit card information into a website that starts with http instead of https? I know I do. Similarly, I am much more likely to do business with a company that acknowledges the information they take from me is to be treated as if it was their own. I want to support companies that take cyber security seriously and companies that do everything in their power to ensure my personal data is protected. Honesty and trust are key components of building rapport with your customers. Just because you don’t have to follow the CCPA doesn’t mean you shouldn’t.
Although enforcement for the CCPA doesn’t start until July 1st, 2020 – it is never too soon to start preparing your website. It is always better to stay ahead of the curve with these types of movements. Paying someone to fix your website compares to pocket change when you consider the amount of money legal action against your company would cost.