CCPA Compliance Services Consulting
The California Consumer Privacy Act (CCPA) gives California consumers the right to know if a business collects their personal data, what data they collect, and how they use it.
The act also allows consumers in California to opt-out of the collection or sale of personal information, and businesses cannot discriminate against consumers for exerting their rights.
While not quite as strict as the European Union’s General Data Protection Regulation (GDPR), it does give California residents more rights over their data and requires companies to be more transparent about their data collection than any other US state.
How the CCPA Defines Personal Information
Personal information is considered to be any information that identifies or relates to an individual. It could also include inferences that could be used to construct a profile about someone.
Some examples include:
- INTERNET BROWSING HISTORY
- SOCIAL SECURITY NUMBERS
- RECORDS OF PURCHASES
- EMAIL ADDRESSES
- LOCATION DATA
Which Companies Does The CCPA Apply To
Any business (excluding non-profits and government agencies) that collects personal data from California residents and meets one or more of the above standards must comply with the standard. It doesn’t matter if your business is based in California or not.
Companies that process personal data on behalf of a business that’s required to be compliant are also required to implement the measures in the privacy act.
Not every company will need California Consumer Privacy Act compliance services. However, you must comply if your business:
- MAKES A MINIMUM OF 50% OF ITS ANNUAL REVENUE SELLING THE PERSONAL DATA OF RESIDENTS IN CALIFORNIA
- SHARES OR COLLECTS THE PERSONAL INFORMATION OF OVER 50,000 CALIFORNIA RESIDENTS EVERY YEAR
- HAS AN ANNUAL GROSS INCOME OF OVER $25 MILLION
How to Get in Compliance With the CCPA
Currently, the California Consumer Privacy Act is the strictest guideline for consumer data protection in the United States.
- GDPR & CCPA Differences
One of the major differences between the GDPR and CCPA is that California residents have access to all the information collected and used about them. This not only includes personal data, but whether it was sold, who it was sold to, and the names and addresses of those entities.
- Why Compliance Services
Companies only have 45 days to comply with a consumer’s request for this information. Businesses may struggle to gather and organize all this material, especially larger organizations that collect huge amounts of data. This is where California Consumer Privacy Act compliance services can be beneficial.
To be in compliance, you will also need to:
- Notify consumers before collecting their information
- Create an easy way for consumers to request that you not sell their data
- Disclose any financial incentives you’ve received for the sale of their data
- Disclose how the value of those incentives was determined
- Maintain an inventory of personal data
- Keep records of consumer requests for the data collected, to delete their data, or to opt out of the sale of their data, and your response (you must respond in a timely manner and retain records of the correspondence for 24 months)
Organizations that receive, purchase, or sell the personal data of over four million consumers in California will have extra responsibilities in regard to the act.
What Are the Penalties for Non-Compliance?
Even if your company doesn’t need to attain compliance, it might be a good idea to implement some of California’s Consumer Privacy Act measures. Why?
- Take Immediate Action
If you haven’t taken advantage of California Consumer Privacy Act compliance services and you’re found to be non-compliant, you’ll have 30 days to correct the situation.
- $7,500 Per Violation
If you haven’t corrected the situation in 30 days, you can incur fines of up to $7,500 per violation.
- Lawsuits & Damages
That’s in addition to the victims’ right to seek damages and class-action lawsuits.
- Severe Penalties
Currently, you could have to pay up to $750 per consumer for every incident, or actual damages, whichever number is higher.
Helping Companies Gain CCPA Compliance Nationwide
Compliance and threats Even if your company doesn’t need to attain compliance, it might be a good idea to implement some of California’s Consumer Privacy Act measures. Why?
Other states are in the process of adopting stricter privacy laws around consumer data. Taking steps now to comply with data privacy regulations can make it easier for you to abide by new requirements in the future.
At Solvere One, our IT security professionals help businesses with California Consumer Privacy Act compliance services. We work with you to design and execute a comprehensive plan to gain compliance for your organization.
As the CCPA is new, it will likely have many changes in the future. By working with us to manage your compliance practices, you can quickly adapt to new policies for best results.
Do you need to comply with the California Consumer Privacy Act (CCPA)? Contact us today at (202) 905-2722 to get started with a risk assessment of your business and take advantage of California Consumer Privacy Act compliance services!