The CCPA (also known AB 375) is the California Consumer Privacy Act. As of January 1st, CCPA compliance is essential for businesses that serve California residents. The CCPA provides consumer privacy protections that are similar to those outlined in the European Union’s GDPR act of 2018. The biggest difference is that the CCPA applies to companies that serve California consumers.
Which companies are affected by the CCPA?
The CCPA applies to any company that interacts with California consumers, AND,
- Has at least $25 million in annual revenue
- Collects data from at least 50,000 consumers
- Collects more than half its total revenue from selling consumer data
Remember, the CCPA applies to companies that serve California consumers; it doesn’t matter where the company is headquartered, or whether or not the company even has a physical presence in California.
The good news is; most companies that took the steps to be compliant with GDPR are now compliant with CCPA. Some publications have even said that GDPR is far more important than the CCPA. The key is to double check that any part of your company that interacts with California consumers is compliant.
What does the CCPA mean for consumers?
Under the CCPA, any California consumer can request to see a complete record of all the data a company has collected about them over the past 12 months. The consumer can also request to see a list of any third-parties that the company has shared that data with. Additionally, the CCPA opens the door for consumers to sue companies that violate privacy guidelines.
What are these “privacy guidelines” that consumers can sue over?
These privacy guidelines are important. The CCPA stipulates that companies must give California consumers the option to not have their information shared with third-parties. It’s not all bad for businesses though; CCPA compliance gives companies the right to provide discounts or incentives to consumers in exchange for collecting more of their personal information.
One example of violating privacy guidelines is if a company fails to include a footer on the website that allows California consumers to opt out of data sharing. Consumers can also sue if the company is unable to provide the requested data records.
The CCPA stipulates that companies have 30 days to comply with consumer requests for information. This is another big difference between the CCPA and the GDPR; the GDPR only gives companies 72 hours to comply.
All this went into effect on January 1st, 2020.
What kind of personal information does the CCPA cover?
The CCPA has broader definitions of personal information than the GDPR does. Under the CCPA, California consumers can request all their data relating to:
- Personal identifiers (SSN, email, IP address, etc.)
- Commercial Information (purchases made, purchases considered, etc)
- Biometric information
- Internet Usage Information (browsing history, website interactions, search history, etc.)
- Geolocation Data
- Audio or Visual Information
- Employment Information
- Education Information
So, what does WhatConverts CCPA Compliance look like?
While WhatConverts does not ever sell consumer data to third-parties, we have done the following to ensure we and our clients are CCPA compliant:
- A Data Protection Officer has been appointed.
- We have analyzed what personal data we process and confirmed our lawful basis for processing.
- We have completed a full analysis of our data security practices and procedures.
- We have updated our Data Protection Agreement.
- Procedures around data subject rights have been implemented.
- Our data breach response procedure has been improved.
- We have implemented increased data restriction controls, logging and monitoring.
- We are communicating with our customers about the CCPA and the updates to our relationship with them.
If any California consumer requests access to their data that’s stored in WhatConverts, we have the ability to promptly supply it. WhatConverts has always stayed true to our privacy guidelines, and we keep our business partners compliant with CCPA as well.
If you or your customers would like file a request for data under the CCPA or ask that the data be deleted, please email firstname.lastname@example.org.