Custom Technology Solutions
Why clients love us
What sets us apart
Solutions for Your Business
Expert views on the industry
Ready to Talk?
Schedule a Consultation
January 2020 will bring changes to data privacy and security rules for businesses operating within, or interacting with residents of, the state of California.
The California Consumer Privacy Act is the first of its kind in the U.S. It represents a sweeping set of laws that affords its residents information on what personal information has been collected on them, with whom it has been shared, how to delete it, and how to prevent the sale of such data. Compliance with the California Consumer Privacy Act will force businesses to be more transparent with data collected on consumers while simultaneously allowing consumers to hold businesses accountable for their treatment of consumer information.
What is the California Consumer Privacy Act?
Although it’s called the California Consumer Privacy Act (CCPA), the regulations have wide-ranging impacts in the United States and beyond. Much like GDPR in the European Union impacted American companies and consumers, so too will the California Consumer Privacy Act.
To fall within the jurisdiction of the California Consumer Privacy Act, businesses must work in the state of California or collect personal information on residents of the state. Additionally, businesses must fall under one of the following criteria:
Those businesses not meeting the above-listed criteria will not be largely impacted by the CCPA, but those meeting even just one of those have a lot of work to do.
The California Consumer Privacy Act is broad in scope, substance, and enforcement, covering new forms of data like internet browsing history, metadata, and IP addresses. It also redefines what a sale of data “looks” like, stating that data does not have to be given in exchange for money, but expands the definition to include anything “valuable” to the holder of the data. Essentially, trading data for goods or services are covered under the California Consumer Privacy Act.
Companies looking to comply with the California Consumer Privacy Act will not find a wealth of information within the act itself. In fact, there is no roadmap to compliance given by the state, rather just some general ideas of what businesses will be required to do and timeframes around those actions.
What does my business need to do?
First: don’t panic.
The California Consumer Privacy Act goes into law on January 1, 2020, but you’ve got plenty of time to determine what compliance looks like for you. Six steps are recommended for immediate implementation in order to make compliance easier:
Penalties for Non-Compliant Businesses
Under the California Consumer Privacy Act, penalties are based upon unauthorized access incidents – be that breaches, exfiltration events, theft, or unauthorized disclosure due to poor security procedures and practices.
Fines will range from a maximum fine of $2,500 per violation for non-civil cases and a maximum of $7,500 for each violation in suits brought by the California Attorney General.
The intent is a critical component of each fine category, as the $2,500 fine is for non-intentional violations, while the $7,500 would be the maximum for intentional actions.
What are my next steps?
The California Consumer Privacy Act is more intensive than GDPR, requiring companies to take additional steps to ensure customer data is secure.
Most companies will need to consult with experts in data management, cyber security, and network security to ensure all aspects of the California Consumer Privacy Act are met before the regulations go into place.
The penalties and potential for embarrassment from a breach are strong and place an extraordinary amount of responsibility on businesses to keep data safe.
A partner like Archetype SC, with expertise in data, cyber security, and database management, is an excellent resource to answer questions and provide consultations on California Consumer Privacy Act compliance.
We provide IT solutions and services to empower our clients to focus on growing their core business and their employees.
Phone: (843) 353-2929
Address: 1012 38th Avenue N, Suite 301, Myrtle Beach, SC 29577