The California Consumer Privacy Act (CCPA) was introduced for the first time in the Californian Legislature in February of 2017 and was focused more on internet and cable service companies than any of industry. This is mainly owing to the Trump administration and Congress halting some federal consumer privacy protection rules in regards to internet service providers.
Since then, many amendments have been made which have left people with a lot of questions regarding what is contained in the Act.
Here are 4 frequently asked questions about the California Consumer Privacy Act:
1. What Is A Consumer And Who Benefits From The New Rights Under The Act?
A consumer under the CCPA is a California resident as outlined in the California personal income tax regulations. It is any individual that benefits from the California law and is being served and protected by the California government.
This consumer is a permanent citizen of California and the Act still serves him or her even when he or she is outside the state on a temporary or transitional purpose.
The new rights of the California Consumer Privacy Act are purposely meant for the above-mentioned consumer.
2. What Is Personal Information In Relation To The CCPA?
Personal information according to the CCPA is defined as any information that identifies, describes, relates to, is associated with, or could be linked indirectly or directly to a consumer or a household.
The Act lists 10 specific categories in the definition of personal information. These are the identifiers, the protected classification characteristics under the California law, commercial information, biometric information, internet and electronic activity information, geolocation data, audio, visual, and olfactory information, employment and professional information, education information, and inferences.
3. Which Businesses Are Expected To Comply With The CCPA?
For-profit businesses that carry out their operations in the state of California, collect personal consumer information both directly or through third parties, have annual gross revenue exceeding $25,000,000, handle personal information equaling or exceeding 50,000 consumers, devices, or households, or one that processes a consumer’s personal information.
Non-profit entities are not subject to the CCPA as they do not operate for the financial benefit of the owners.
4. What Penalties Apply To The Violation Of The CCPA?
The CCPA is enforced by the California Attorney General. However, the CCPA offers a private right of action for any unauthorized access, disclosure or theft of information.
The California Attorney General is expected to provide the offending business or individual at least 30 days to clear the alleged violation after which the business or individual in violation of the CCPA is subjected to a civil penalty not exceeding $2,500 for every violation made in negligence and $7,500 for every violation made intentionally.
A business may get a private right of action when it fails in implementing and maintaining reasonable security practices and procedures which may result in a breach of data.
Consumers are required to provide 30-day advance notice of the alleged violations to the business in order to give the business room to cure the violation before proceeding to file a lawsuit.
ConclusionThis is just the tip of the iceberg of what you need to know about the California Consumer Privacy Act. If you run an online business, you’ll need to be well informed and fully compliant with the privacy law.