07 Jun

The California Consumer Privacy Act – is America ready?

California is the world’s fifth largest economy and will soon enforce strict new privacy laws.

The new privacy law, the California Consumer Privacy Act (CCPA), goes into effect on January 1, 2020.

Some of the best new technology companies are based in California, so it’s no surprise that the state’s gross domestic product rose by $127 billion from 2016 to 2017, surpassing $2.7 trillion.

It is the first government in the U.S. to regulate how businesses retain and use electronic consumer data. Consumers will get more say over the collection and use of their personal information.

The CCPA, will require all state for-profit businesses to disclose to consumers upon request the specific pieces of their personal information it collects and the sources of that information. Consumers can also require companies to delete personal information, refrain from selling it, and pursue legal action if businesses fail to comply.

Even if your organization does not have so much as a single branch office in California, if your customers reside there, you must comply with the regulation. Moreover, the CCPA protects the privacy of California residents wherever they are in the world, not just in-state.

The law states: “Many businesses collect personal information from California consumers. They may know where a consumer lives and how many children a consumer has, how fast a consumer drives, a consumer’s personality, sleep habits, biometric and health information, financial information, precise geolocation information, and social networks, to name a few categories.”

GDPR “Lite”

The CCPA in broad terms, mirrors the EU’s General Data Protection Regulation (GDPR).

It has even earned itself the  nickname “GDPR lite.” There are some similarities, such as parental consent and data processing restrictions. But the CCPA defines “personal information” more expansively and offers opt-out rights.

The world’s most powerful technology companies, including members of the Internet Association, have voiced their criticism over the new California law. This is mainly because most of their members enjoy revenue streams dependent on amassing user data.

Kevin McKinley, internet association director for California Government Affairs, told Yahoo Finance “Internet companies support an economy-wide, federal privacy law that provides all Americans with meaningful transparency and full control over how the data they provide to companies across all industries is collected, shared, and protected.

“The CCPA has many flaws that resulted from the abbreviated legislative process last year.”

McKinley said that in an attempt to rush the law through before the end of last year’s legislative session, the California legislature failed to tailor it in a way that ensures businesses can efficiently comply. He said that failure had prompted at least eight proposed amendments, currently under consideration.

Companies in California successfully petitioned local lawmakers to kill a bill that would have given citizens greater ability to sue firms for illegally collecting their digital information.

CCPA vs GDPR

There are some differences between what the GDPR does and what the CCPA covers.

Firstly, the CCPA will use an opt-out basis for consent whereas the GDPR uses an opt-in basis. This essentially means that users will have to actively reach out to companies to find out about what sort of information is being used. Additionally, the GDPR applies to any organization that holds personal data on EU citizens.

The CCPA, on the other hand, only applies to for-profit companies that process data on California residents. The organization must either do at least $24 million in annual revenue, hold the data of 50,000 people, or do at least half of their revenue in the sale of personal data.

Consumer rights

The CCPA establishes a consumer’s right to request that businesses disclose what sort of data is gathered about them. Unless you’re using a tool such as a virtual private network (VPN), it’s very likely that many businesses are gathering information about you whenever you’re online.

This will bring about much needed transparency to businesses all over California.

Research

However, it’s not all plain sailing. Worryingly, a recent survey by Dimensional Research of 250 executives and managers of U.S. businesses likely to be affected by the CCPA found that nearly half (44%) hadn’t taken any steps towards compliance.

Only 14% of respondents were confident they would even be ready by the time the CCPA takes effect.

But nearly three-quarters (72%) of respondents intend to catch up on compliance by investing in technology.

Google was recently hit with a $57 million fine for not properly disclosing to users how data is collected across its services, while Facebook faces several investigations by European authorities. Here in the UK, it’s very likely we will soon hear about many more enforcement actions.

So the U.S needs to make sure that their businesses need to take the CCPA seriously and remember that fines and threat to their reputations – just like with our GDPR – will follow if they don’t embrace and enforce the new regulations.

 

 

 

 

 

LATEST NEWS

BENEFITS

  • Feature
    No set up fee
  • Feature
    Maintain compliance
  • Feature
    Save time and resources
  • Feature
    Certified GDPR experts
  • Feature
    Protect your reputation
  • Feature
    Protect your business
THE COMBINATION OF GDPR CERTIFIED SPECIALISTS AND COMPLIANCE EXPERTS, BACKED BY OUR PROPRIETARY iCaaS SOFTWARE PLATFORM DELIVERS THE MOST EFFECTIVE GDPR COMPLIANCE, ANYWHERE.
Photo

Pricing

Check out our most popular packages to assist your business to achieve 100% GDPR compliance
  • PAY MONTHLY
  • PAY IN ADVANCE
    ONE MONTH FREE
24/7 portal access

30 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP Analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Extensive FAQs

1 authorised user

Instant access

£49 PER MONTH

Buy Now

£539

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

120 minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Automated legislation and ICO updates

Data breach support

Extensive FAQs

Up to 4 authorised users

Instant access

£99 PER MONTH

Buy Now

£1089

Buy Now
GET INSTANT PORTAL ACCESS
24/7 portal access

240+ minutes remote consultancy support per month

Chat, call or email the UK-based consultancy desk

Readiness assessment & GAP analysis

Monitored compliance chart dashboard

60+ tools, templates, processes and documents to download

Bespoke privacy policy creation

Subject Access Request management

Certificate of GDPR awareness

Advanced DPIA guidance

Proactive project plan tracking

Automated legislation and ICO updates

Enhanced data breach notification support

Extensive FAQs

Up to 10 authorised users

CONTACT US

Get In Touch
PRICE ON APPLICATION

INTERESTED...
TRY OUR DEMO

No need to wait. Log in straight away and take a look at our easy-to-use online portal 24/7.

ONLINE DEMO

HAVE ANY
QUESTIONS?

Our team of GDPR experts are here to offer you pre sales advice to help you choose the right package.

READY TO
GET STARTED?

Wherever you are, our solution helps you reach and maintain compliance.

BUY NOW

Get in
Touch

ADDRESS

8 Elmwood, Chineham Park,
Basingstoke, RG24 8WG

CONNECT WITH US