Data Privacy

What is the California Consumer Privacy Act (CCPA) and how does it impact me?

*The information in this article about the California Consumer Privacy Act (CCPA) is not and should not be considered legal advice. Please consult your legal counsel to determine its impact on your company and your email program. 

With increased technology innovations for gathering and sharing personal data through social networks, mobile apps, search engines, and online commerce, the potential for misuse of personal data has increased dramatically. In order to increase the personal data privacy protections for California residents, the California legislature passed the CCPA on June 28, 2018.

Key points

  • CCPA text
  • Date the law is enforced: January 1, 2020.
  • Penalties: Failure to comply with the CCPA can result in penalties up to $7500 (USD) for each violation.
  • Changes to the CCPA: Amendments to the CCPA may occur prior to the enforcement date. Be sure to consult your legal counsel for details about any amendments to the law.

What is the CCPA?

The CCPA is a state law that gives California (United States) residents more control over the use of their personal information. It is similar to the European Union's General Data Protection Regulation (GDPR).

With this law, California residents have the right to:

  • Know what personal information is being collected about them
  • Know whether their personal information is sold or disclosed and to whom
  • Say no to the sale of personal information
  • Access their personal information
  • Equal service and price, even if they exercise their privacy rights

How does it impact me?
Any company that processes data for California residents must comply with the CCPA if they meet one or more of these three thresholds:

  • Annual gross revenues of $25 million (USD). The CCPA does not specify that the revenue must only be generated in California.
  • The company obtains personal information from 50000 or more California residents, households, or devices annually
  • 50 percent or more annual revenue is derived by the company from selling California residents’ personal information

Should your company meet the requirement for compliance, you must take action to allow California residents control of their personal information as outlined within the law by January 1, 2020.

Be sure to consult your legal counsel to determine what changes are required to comply with the law.

You may be required to:

  • Change your privacy policy
  • Change your terms of use agreement
  • Collect more information about where your customers live
  • Keep better records about how personal data is collected
  • Keep better records about to whom the personal data is sold
  • Allow a California resident the ability to opt-out of the sale of their data
  • Include a link on your website to make the opt-out process easy
  • Be prepared to respond to a verifiable request for personal information free of charge within 45 days of the request date
  • Change your consent process for a minor child

 

 

Related articles

Turn your data into revenue

Whether you’re looking to optimize the performance of your email marketing, data management or sales functions, Validity is your trusted partner to ensure you’re reaching who you need to.

Company
Products
Solutions
Resources
Contact