For those that have not yet heard of the California Consumer Privacy Act (CCPA), this may come as a shock to you; not everyone is thrilled. This act is to put the power back into the consumer’s hands, which, in theory, is a great thing. The only problem – that this will affect big business very little but could put many mom and pop shops in trouble. Small businesses are less aware of the seedy underbelly of collecting personal information. Big companies, however, know and use that information to profit off their consumer! Due to being able to pay the fines, these new requirements are not a priority to them, but they should be for you!
Whom does it affect?
The law directly affects larger companies (ones with gross annual revenue over $25 million) and companies that make their money primarily on selling users private information (more than half of their yearly revenue selling personal information). However, we have discovered this law will affect more companies than it initially intended, as the language is vague and has many caveats. For example, non-profits and schools are not subject to this law, unless they are an entity that controls or is controlled by a business that meets the previously stated requirements. Therefore, in theory, the Ronald McDonald House Charities will be subject to this law, as they are a part of the McDonald’s Corporation. Some companies are also under the false impression that because they are not based in California, this law does not apply to them. However, it does affect them if those companies have any consumers that are California residents. The law protects the consumer, not the State.
What is personal information, according to CCPA?
In short, it anything collected that could reasonably link, directly or indirectly to a particular consumer or household. As you can probably guess, this includes the following: their name, email, passport number, IP Address, and social security number, but it does not stop there it! It also includes browsing history, search history, and information regarding a consumer’s interaction with websites, applications, or advertisements, as well as geolocation data, professional or employment-related information. The list goes on and on and is growing daily as the enforcement of the law gets situated.
Most of the time, companies don’t even know why they are collecting this information or don’t realize that third parties they have collaborated with are collecting it on their behalf! YES, you can be responsible for information that someone else receives because you signed up for their service.
What are the risks of not being compliant?
CCPA allows the consumer to ask what information your company is collecting, where you are storing it, your sharing practices, and they can even demand that you delete it.
Can you answer all or any of these questions?
Not looking into the CCPA requirements could become very costly, as the creators of this bill wrote it in statutory damages. For people, such as myself, that did not go to law school, this means the amount awarded is not based on the degree of harm to the plaintiff. Instead, if the plaintiff can prove a company did not follow a single rule listed in CCPA, the company can have charges brought against them and must pay a minimum fine; even if there was no financial burden to the plaintiff.
Imagine having a data breach where the 20,000 random IP addresses a vendor has been collecting for your website traffic is exploited and 20% of them want to sue. That is almost half a million dollars at the $100 price point. But that is just ridiculous, right? Maybe. Maybe not. Certainly, lawyers and startup entrepreneurs are crafting ways to notify people if they are part of a data breaches.
California Consumer Privacy Act, may not directly affecting your company but bills just like this are being passed all around the world. One of them will impact you eventually! In the end, voluntarily learning about how to protect your consumer’s personal information may save you and your company time and money. For a more in-depth look at CCPA and how it may affect your business, register for our webinar.