The State of California passed the Consumer Privacy Act of 2018 to allow California residents the right to not be the cynosure of all eyes. This privacy law protects the rights of consumers in California by regulating how businesses worldwide handle their private information and data.
It’s no secret that businesses and third-parties routinely collect private data and information about their customers. But when this information is treated as a commodity, up for grabs to the highest buyer on the market, its validity comes under fire.
Compliance is serious business
Are you aware that by not complying with the CCPA, businesses can rack up fines of $7,500 per violation, and $750 per affected user in civil damages? This doesn’t just hit wallets, but also the reputation of businesses that willfully defy the rules set down by the CCPA.
Businesses that need to be CCPA compliant
- Businesses worldwide, that sell the personal information of more than 50,000 California residents per year, or have an annual revenue that is in excess of $25 million, or derive more than 50% of its annual revenue from selling the personal information of California residents.
- A business that sells personal information, which, according to the CCPA includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.” (1798.140.t1)
- If the company shares common branding (for example, a shared name) with another business that is liable under the CCPA, the other company will need to stay CCPA-compliant as well.
California consumers can demand that their data not be sold to any third parties, have the right to ask what data has been shared, and they have the right to demand erasure of data that has already been collected.
How can businesses comply with the CCPA parameters?
To be CCPA-compliant, businesses need to implement changes to their websites. These changes reflect the understanding of, and compliance with, the CCPA law.
- Businesses must inform consumers when collecting data about the various personal information that they collect.
- A Do Not Sell My Personal Information link is mandatory, so that users can opt out of data shares.
- Minor users (under 16 years old) need to share their opt-in consent before companies go ahead and sell or share their personal information to third parties.
- The privacy policy needs to include a complete document on consumer’s rights. It must also contain yearly lists of the types of personal information that they share, collect and sell.
- When a consumer asks for a rundown on the data collected about them, the business needs to furnish the details to them free of charge.
Compliance is our #1 priority here at LegalEase Solutions. Find out how your business can stay compliant by utilizing our compliance and regulatory solutions.