CALIFORNIA CONSUMER PRIVACY ACT (CCPA)
The California Consumer Privacy Act (CCPA) is a state privacy law that regulates how businesses are allowed to handle the personally identifiable information (PII) of California residents. The CCPA regulation provides consumers privacy rights relating to access, deletion, and sharing of their personal information that is collected by businesses.
This new regulation changes how personal data of California residents are processed and requires companies that conduct business in California to implement structural changes to their privacy programs. Your business could be based anywhere, as long as your services are accessible in California, you could be covered by the CCPA and have to comply with the requirements.
Meet CCPA Compliance
The CCPA applies to for-profit businesses that collect and control California residents' personal information and do business in the state of California.
Organizations will need to observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, update their privacy policies or face possible financial penalties including liquidated damages.
Clarus Tech Partners can assess your compliance needs and develop and implement your CCPA compliance strategy.
The California Attorney-General can pursue CCPA civil penalties from any person that violates any section of the CCPA up to $7,500 per intentional violation or $2,500 per unintentional violation. CCPA also allows Californians to file suit against a business if their nonencrypted and nonredacted personal information is leaked, such as in a data breach.
In November 2020, California voters approved the California Privacy Rights Act (CPRA) which will expand and build upon the CCPA regulations and increase privacy requirements for businesses. As the privacy landscape continues to evolve, the CPRA enforces stricter protection of consumer privacy and is the strongest consumer privacy law to date enacted in the United States with similarities to the European Union’s GDPR and other global data privacy laws.
Prepare for CPRA
The CPRA demonstrates how data privacy and protection is a priority in California and how CCPA needs adjustments to the current regulation.
Businesses who process and/or store California resident data will need to assess and address potential compliance gaps in the near term to meet compliance by 2022, including businesses who have already been assessing and implementing CCPA and/or GDPR compliance efforts.
Clarus Tech Partners can assist your company in understanding, assessing, and implementing the CPRA compliance requirements.
The CPRA will go into effect on January 1, 2023 and will apply to data and information collected on and after January 1, 2022. Until this time, the CCPA will continue to be the presiding privacy legislation.