Operating a venture in California? Your utmost concern is data privacy concerns of you and your clients: The California Consumer Privacy Act (CCPA) along with the California Privacy Rights Act (CPRA), which amends CCPA, serves as the strongest pillars of consumer privacy rights in their state. Knowing all these acts and complying with them is useful for any organization that will collect data from California residents.
This is a business in California, and data privacy is a very key concern for you and your clients. The California Consumer Privacy Act (CCPA), along with the California Privacy Rights Act (CPRA), which amends the CCPA, provides the strongest basis for consumer privacy rights across the state. Knowing these laws and complying is essential for any organization collecting data from California residents.
What is the CCPA?
Enacted in 2018, the CCPA empowers California residents with the right to:
- Know what personal information a business collects about them.
- Access their collected personal information.
- Delete their personal information.
- Opt-out of the sale of their personal information.
The CCPA applies to businesses that meet certain thresholds, such as having over $25 million in gross revenue or handling the personal information of more than 50,000 California residents.
What is the CPRA?
The CPRA, effective as of January 1, 2023, expands on the CCPA and introduces new consumer rights, including:
- The right to correction of inaccurate personal information.
- The right to limit the use of their sensitive personal information.
- The right to know about the use of their personal information for profiling purposes.
The new law also intensifies the current rights of the CCPA and imposes more rigorous business standards concerning sale and sharing of information.
What does this mean for your business?
Shall your enterprise do business in California or collect data from the residents of the state, then compliance with CCPA and CPRA becomes mandatory. Such compliance includes:Development of robust data practices around privacy: This should involve identifying personal Identifiable Information collected, how it is used, and with whom it is shared.
Establishing procedures for consumer requests: This means being prepared for requests to access, delete, or opt-out of the sale of personal information.
Finalizing an up-to-date privacy notice: Explicating the data privacy practices, including how customers can exercise their rights under the CCPA and CPRA.
Compliance can be complex, but it's essential. Failing to comply with CCPA and CPRA can result in hefty fines and damage your reputation.
Here are some resources to help you get started:
- California Attorney General's CCPA website: https://oag.ca.gov/privacy/ccpa
- International Association of Privacy Professionals (IAPP): https://iapp.org/
By taking proactive steps towards compliance, you can demonstrate your commitment to protecting consumer privacy and build trust with your California customers.
