Steps for CCPA Compliance

In this article, we try to demystify the California Consumer Privacy Protection Act (CCPA) for small and medium-sized enterprises (SMEs) concerned about CCPA compliance.

The CCPA became law in California on June 28, 2018. The CCPA gives consumers more control over the personal information that businesses collect about them. Moving forward, businesses that target California residents must protect certain consumer privacy rights. Under the CCPA, California residents have numerous privacy rights. These include the right to know what personal information is collected, the right to request that their personal information be deleted, the right to opt out of the sale of their personal information, and the right to non-discrimination for exercising the rights provided by the CCPA.

The CCPA applies to businesses with a gross annual revenue exceeding $25 million. The law also applies to businesses that receive 50% or more of annual revenue from the sale of consumer personal information. The law does not apply to nonprofit organizations (NGOs) and businesses without California residents as customers. However, the CCPA applies to third parties that handle personal information and forbids third parties from reselling personal information that was sold to them without consumers’ consent.

This California law prohibits the selling of personal information of California residents under the age of 16 without appropriate consent. For teenagers 13 to 15 years old, the law requires businesses to obtain affirmative consent from these individuals before collecting personal information. This requires businesses to establish an opt-in mechanism prior to collecting personal information from children 16 and under.

The CCPA defines personal information as any information that identifies, relates to, describes, or is capable of being linked back to a particular consumer or household. The CCPA excludes personal information that is deidentified. As mentioned above, the CCPA requires that businesses provide notice before collecting personal information. This includes initial notice, website notice, and, in certain instances, the right to opt out.

The CCPA provides consumers a private right of action and is the first U.S. statute to allow consumers to recover statutory damages as a result of data breaches. Under the CCPA, California residents have special remedies for data breaches including statutory damages between $100 and $750 per incident. The CCPA is enforced by the California Attorney General’s office. 

This article contains general legal information and does not contain legal advice. Apollo Compliance is not a law firm or a substitute for an attorney or law firm. For legal advice, please contact a lawyer.

Published by apollocompliance

Jean-Marc is a law student interested in cybersecurity and data privacy law.
