Key Provisions You Should Know from the CCPA
If your business has customers (or potential customers) in California, understanding and complying with the California Consumer Protection Act (CCPA) is mandatory. The law, which took effect on January 1, 2020, was designed to give consumers more control over their personal information. When businesses collect and handle such information, they must adhere to the CCPA’s requirements.
Key provisions of the CCPA include the following:
- “Personal information” is defined broadly and includes email address, IP address, education, employment or employment history, records of personal property, purchasing habits, biometric information, and geolocation data.
- Consumers have the right to opt out of the business selling or otherwise transferring for valuable consideration the consumer’s personal information to one or more third parties. Businesses must notify consumers of this right, providing a conspicuous link on the business website’s home page. For consumers between the ages of 13-16, the teen must opt-in to the sale or transfer of their personal information and for those under age 13, a parent or legal guardian must consent.
- Californians also have the right to find out what specific personal information businesses have collected about them, and to review that information free of charge within 45 days of a request.
- Consumers may also request the deletion of certain personal information maintained by the business, and businesses are required to provide at least two ways consumers can exercise this right to request deletion.
- Businesses may not retaliate against consumers who exercise their rights under the CCPA, and are obligated to protect personal information in their possession. Consumers may take legal action against a business that fails to encrypt, redact, or otherwise protect their information.
- Businesses must also include in their external privacy policies and employee privacy notices specific information about: 1. the personal information the company collects about consumers, including data sources, 2. why the information is collected, and 3. what types of third parties may have access to the information.
The CCPA does not apply to every company. Covered organizations include for-profit organizations with revenue of greater than $25 million, those that receive or share the personal information of more than 500,000 Californians annually, or those for whom at least one-half of their revenue is derived from the sale of California consumers’ personal information. If any of these three requirements is met, regardless of where the business is located, the CCPA applies unless the business is a health provider, insurer, bank or financial institution, or credit reporting agency.
CCPA enforcement began on July 1, 2020. To learn more about CCPA compliance and to discover how Baer Reed can support your efforts, contact us today.
- On September 14, 2020
- Back to post list