Privacy is becoming a major concern for online consumers, especially now that mobile devices, online commerce sites, and social media platforms play a fundamental role in everyday life. Almost every device is connected to the internet, and online shopping continues to soar, making privacy a priority.

The need for privacy motivated The State of California to pass into law the California Consumer Privacy Act (CCPA). This was after a series of high-profile data breaches and poor handling of personal data by marketing agencies. The CCPA Act takes into effect in January 2020 and seeks to regulate how businesses collect, use, and disclose customer data.

What is CCPA?

The CCPA is similar to the General Data Protection Regulation (GDPR), which protects EU citizens. The two laws focus on protecting their citizens’ customer data, the main difference being the geographical location. While GDPR has been in effect since 2018, CCPA will commence on January 1, 2020.

Once it takes effect, CCPA will protect consumer data and hold businesses accountable. Companies tend to collect customer data, mishandle it, or even sell it. This exposes consumers to privacy breaches considering that consumers have very little knowledge of the kind of data collected. Also, companies rarely disclose what they do with the data collected.

CCPA seeks to change this by regulating how companies interact with consumer data. It gives consumers the right to know the kind of data being collected, the right to protection, and the right to say no, especially when a business wants to sell or share consumer information.

What’s the effect of CCPA on businesses?

California is home to companies like Twitter, Apple, Google, and Facebook. Almost every major company that thrives on consumer data has its headquarters in California, which makes the CCPA even more relevant.

Companies like Netflix, Google, and Facebook are known to collect user data but hardly disclose how the data is used. Most of these companies sell customer data without disclosing sales. CCPA aims to curb the rampant collection and sale of consumer data.

According to the CCPA, businesses will have to disclose more details on data collection to their customers. Businesses are required to specify the information collected on the customer, the sources, the commercial purpose of data collection, and any third parties the companies intend to share the data with.

Any company that doesn’t disclose this information to its California customers will face penalties. According to the Act, companies are liable to a fine not more than $2,500 for each violation. However, for intentional violations, the fines go up to $7,500.

The Act also empowers the consumers by giving them the right to request companies to delete their data from company records.

While the laws set to take effect in 2020 are tough, they don’t affect every company and business. The law only applies to businesses that gross over $25 million every year, derive more than 50% of annual revenues from the sale of consumer information or engage in the collection, sale, and sharing personal information collected from 50,000 or more California residents, devices, or households.

Key differences between CCPA and GDPR

• CCPA protects California consumers while GDPR protects EU residents.
• CCPA applies only to businesses, while GDPR applies regardless of revenue or size.
• GDPR penalties are capped at 4% of the company’s global annual turnover while CCPA fines are capped at $2,500 for violations, $100-$750 for damages, and $7,500 for intentional violations.
• CCPA focuses on personal information, while GDPR focuses on personal data. The definition of the two differs. The former encompasses any information that can be linked either directly or indirectly, to the customer. Personal data covers any information that relates to the identifiable subject such as an address, IP, name, or social security.

Preparation for CCPA implementation

The start of 2020 means the CCPA goes into effect. Companies are racing against time to comply with these regulations before the year ends. You can start by hiring CCPA officers to audit your system and establish where personal data is stored. This is vital since the law requires companies to have clear records from the previous year. The team of CCPA officers will also ensure that the company adheres to the regulations and requirements.

Preparation should also involve employees, educate your employees on the Act and ways to enforce it. Ensure that every party understands the significance and how a single violation could affect the business.