A new year brings new opportunities to build stronger relationships with consumers. For certain companies doing business in California, that now also means adhering to the California Consumer Privacy Act (“CCPA”). As you have likely seen, CCPA is a new law enacted by the California legislature aimed at regulating the collection, use and disclosure of consumer data which provides enhanced privacy rights. The law came into effect January 1, 2020.
It’s anticipated that CCPA could inspire similar consumer privacy laws across the rest of the United States, with companies like Microsoft honoring the privacy rights for consumers across the US, and with similar state and national legislation in proposal.
What does CCPA do?
CCPA aims to give California consumers increased transparency and control over how companies use and share their personal information. Under the new legislation, consumers can request information about and obtain copies of their personal data that businesses have collected, as well as request that a business deletes any personal information stored about them. Additionally, consumers can opt-out from having their personal information “sold” to third parties, with an exception for “Service Providers.”
On the business side, companies must provide methods for consumers to exercise the rights to request their personal information, and cannot charge additional fees or degrade quality of services for consumers who exercise their rights.
What it means for marketers
For those familiar with GDPR, a simple way to think about CCPA is that it means affected consumers opt-out for data protection while they opt-in for data protection for GDPR. As a marketer, it’s important to be aware of your company’s plans to comply with CCPA and ensure that consumers have at least two simple ways (e.g., website popups, toll-free phone numbers or a dedicated section in your website/app, etc.) to opt out of data collection and clear language explaining how your brand is using their information.
Who does it affect?
Are you still wondering if CCPA affects your brand? The new law applies to organizations that do business in California and have an annual gross revenue over $25M, that buy, receive, sell, or share the personal information of at least 50,000 California residents each year, or make at least 50% of annual revenue from selling California residents’ personal information.
How Olapic is preparing for CCPA
Although enforcement is not set to begin until mid-2020, Olapic’s legal, product and engineering teams have already been working to determine the impact of the legislation and take action accordingly. Similarly to how we addressed changes related to GDPR, Olapic will aim to comply with the CCPA’s requirements by leveraging our existing tools, controls, and processes and by providing additional resources to our customers. Our goal is to partner with customers to meet CCPA obligations including consumer disclosure and deletion requests. To learn more about Olapic’s existing position on trust, security, and data protection, please click here.
For more information on the CCPA, including the full text of the law, as well as FAQs on how it affects businesses and individuals, please visit the Californians for the Consumer Privacy website. Please note that the CCPA is new legislation, not yet tried in practice, and untested by the Californian courts.
The content in this article is intended for informational purposes only and is not intended to provide, and must not be used as, legal advice about the content, interpretation or application of any law, regulation, or regulatory guidelines. Please seek your own legal counsel to understand the applicability of any law or regulation related to the processing of personal information.