The CCPA is the most comprehensive privacy law in the United States. It is a model for other states and is transforming how businesses do business in California. It covers companies worldwide that do business in California and collect personal information from consumers. A business must comply with the CCPA if it satisfies one of three thresholds. These thresholds are annual gross revenues over $25 million; obtaining personal information of 50,000 or more California residents, households, or devices annually; or deriving 50 percent or more annual revenue from selling consumer personal information.
Transparency
Transparency is a key part of the consumer privacy act. It requires businesses to be upfront about collecting and using consumers’ personal information. It also provides a right of access to consumers’ personal information and gives them the ability to request changes or deletions to their information. Transparency is important because it helps build trust between companies and their employees. Employees want to know what’s happening behind the scenes, especially when it affects their work. They want to know that the company is transparent about its goals and policies, and they want to feel comfortable enough with their bosses to ask questions. For transparency to be effective, businesses need to put in the time and effort to make it happen. This can be done through careful planning and thoughtful communication between executives and their teams.
Control
As technology and data become increasingly critical in our daily lives, many share personal information with businesses. We may be asked to provide our names, addresses, credit card numbers, Social Security numbers, medical records, biometric data, precise geolocation information, and more. The California Consumer Privacy Act summary aims to protect this information from unauthorized collection, use, or disclosure. To do so, the Act requires companies to consider how they collect and use this information. For example, companies need to be careful about storing or selling this type of information when the consumer is not in California. And they need to be alert to the fact that their privacy policies and Web sites will need to be updated to comply with the Act’s requirements. Among the most exciting aspects of the CCPA is its creation of a consumer privacy fund to help offset costs incurred by the state courts and Attorney General in enforcing the law. This fund is available for use by the Director of Finance, who must consider how it will be spent promptly to ensure that the funds are not used for any purpose other than to offset those costs. The CCPA can potentially change the face of privacy law in California and beyond. The most important thing is to prepare for the changes ahead of time and be sure to take advantage of all of the tools and resources Bloomberg Law provides to help you do so.
Accountability
When new state legislation comes into effect, it can feel like a jumbled grab bag of rules and regulations that don’t always make sense to your organization. This is particularly true when it comes to a law that covers your business’s handling of consumer data. One way the CPRA addresses accountability is by requiring businesses to respond to verified consumer requests about records they have collected. This means businesses must provide specific personal information that consumers can verify and easily understand. The CPRA also gives consumers the right to limit how businesses use their personal information. This includes the right to direct a business to use or disclose their sensitive personal information only for specific purposes, such as providing them with products or services they request. Finally, the CPRA requires businesses to provide consumers with the ability to change or delete their personal information in cases where they no longer wish to have it shared. This can help to reduce data breaches and increase a business’s profitability.
Access
Access is a consumer’s right to obtain information from a business or service provider regarding how that company collects, uses, and shares personal data about them. It also includes a right to be told where the information has been shared and a right to have that information corrected if it is inaccurate or no longer relevant. The California Consumer Privacy Act applies to all companies that serve consumers in California and that make at least $25 million in revenue each year. Additionally, all companies with personal data on at least 50,000 people or earning more than half of their revenues from selling consumers’ personal information are subject to the law. As with GDPR, the CCPA allows a consumer to demand to see all of the data a company has collected about them and a complete list of third parties with whom they have shared that data. This data can often be massive and include hundreds to thousands of terabytes of information. The CCPA also establishes a private right of action for consumers with personal information or email login information stolen by a breach. These consumers can bring lawsuits for the greater of actual or statutory damages based on the amount of personal information stolen in each incident.