Europe has been ahead of the curve in regard to protecting its citizens’ online privacy with its General Data Protection Regulation (GDPR) law. For several years, European businesses have been required to protect EU citizens’ personal data and privacy and have paid dearly for non-compliance. Now, California has passed its own privacy law, AB 375, known as the California Consumer Privacy Act (CCPA).
The good news is that businesses already in compliance with GDPR are not that far from CCPA compliance. But let’s take a closer look at what this could mean for your business going forward.
How is CCPA Different from GDPR?
California legislators wrote CCPA in an unheard-of one week, and with a broader view on private data than GDPR. Consumers in California will be able to demand to see all of the information that a company has saved on them, along with a list of any third parties that have access to their personal information. Consumers will additionally be able to sue companies if their privacy guidelines have been violated, even if a breach has not occurred. This is serious news for larger companies.
Is My Company Affected by CCPA?
Even if a company is not located in California, it falls under the CCPA as long as it serves residents of California and has at least $25 million in annual revenue. Also, companies that collect personal data on more than 50,000 people are affected.
Since the law goes into effect on January 1, 2020, it is imperative that companies go back and track all of the data since the beginning of 2019 because consumers have the right under CCPA to request the collected data for the past 12 months. This leaves many companies with a very tight timeframe to comply.
What if My Company is Not in Compliance?
The fines are steep and can add up quickly. Currently, companies have 30 days to comply once they are notified of a violation. However, it is expected that there will be many amendments to CCPA because it was passed so quickly, in a week.
Unlike GDPR, CCPA allows individuals the right to sue. Class action lawsuits can also be filed for damages. With the 30-day window, at least companies will have time, albeit brief, to cure the privacy violations. With hefty fines and a short time frame, many companies need to act quickly to ensure that they are in compliance.
For example, the law allows for penalties of $100 to $750 per consumer per incident. When added into all the other costs of a breach—IT response, legal costs, notification to consumers, etc.—a business could be pushed to the brink of bankruptcy.
Consumers Have the Right to Share
One specific provision of the CCPA requires a visible footer on a website that offers consumers the option of opting out of data sharing. If this footer is missing, consumers can sue. In addition, they can also sue if they cannot determine how their information has been collected and shared.
Real name, online IP address, email, personal property records, geolocation data, employment-related information, and educational information are just a few of the many items considered “personal information” under AB 375.
The California law takes a broader approach to what constitutes sensitive data than the GDPR. For example, olfactory information is covered, as well as browsing history and records of a visitor’s interactions with a website or application. Here’s what AB 375 considers “personal information”.
What is clear with CCPA is that California is now putting power into consumers’ hands over what information they want to be shared and how it has already been shared. Since the bill was put together in just 7 days, it is almost a certainty that amendments and changes will be made in the future. Both businesses and consumers should keep a close eye on CCPA in the near future.