As a California resident, the California Consumer Privacy Act (CCPA) is the first law of its kind in the U.S. that grants citizens control over their data. However, this is dependent on how much you understand about it and your ability to make good use of it. Generally, the CCPA takes a broader view than Europe’s General Data Protection Regulation, when it comes to private data. Therefore, the security challenge is to find and secure personal data.
You may not know it, but your data is a general asset, be it your name, shopping habits, or location. Many businesses have access to your data either by purchase, exchanging, collecting, or selling it. More companies have access to more information about you than you can imagine. In fact, the largest data brokers have built entire businesses on your data!
[RELATED: What are data brokers?]
Although you may not be aware, organizations use this information in ways you potentially never agreed to while they make money from it. Unfortunately, there hasn’t been much you can do to stop them, until now, thanks to the California Consumer Privacy Act (CCPA).
“Privacy policies including GDPR and the CCPA have helped to establish increased transparency within the digital advertising industry, however, we’re still finding that many consumers simply do not understand how their data is collected and used.
Raphael Rodier, CRO International at Ogury via MarTech
Generally, the California Consumer Privacy Act is a one-way consumer privacy act in the U.S. This protection includes a transparency right that requires companies to notify users about collected and shared data. It also gives the user a right to their information that is being stored. Users have the right to keep, to opt-out, and to delete their own data.
After reading this article, you’ll understand what CCPA is and when it’s applicable. Also, you’ll be able to know how to avoid being the victim of a data breach.
What is the CCPA?
As a resident of California, the CCPA is a regulation set to protect your data privacy rights. The law forces businesses to provide consumers with more information about their data. This includes what they do with their personal information. This regulation also gives consumers more power over the sharing of their data.
The real problem that this regulation addresses is that most consumers are unaware of what happens to their data. Most people don’t even know their personal information is being sold or shared with third parties.
How does the CCPA work?
The California Consumer Privacy Act aims to protect Californians’ data privacy just as GDPR protects Europeans. Although it may seem like a harsh blow to companies, it’s a massive boost for consumers who value their data privacy.
Since it’s your data, you own it, according to the new law. However, the entities who use your data haven’t been held responsible for misusing users’ data without their consent. The CCPA’s goal is to change that. The CCPA will give Californians new rights on how personal information is handled.
The types of personal data being protected in the law include:
- Credit card numbers
- Postal addresses
- Political affiliations
- Geolocation data
- Real names
- Demographics
- Age
- Browser and search history
- Income and tax information
When does the CCPA apply?
Generally, the CCPA applies to companies whenever or wherever these conditions below apply:
- The business is based in California
- The target audiences are Californians
When businesses cross any of the below thresholds:
- A total of $25 million annual gross revenue or more
- If they obtain personal data of a minimum of 50,000 California citizens, devices, or households annually
- When they generate at least 50% annual revenue from selling Californians’ personal information
Your privacy rights under CCPA
The CCPA gives consumers the following rights:
#1: The Right to be deleted from saved records
In general, the law grants consumers the right to request the deletion of all their data collected. So, businesses must delete personal information relating to any verifiable personal requesting data deletion. This includes instructing any third-party service providers to delete the consumers’ data from their records on requests.
#2: The Right to be Forgotten (Right to Opt-Out)
Under the CCPA act, a consumer can inform businesses about their choice to opt out or be forgotten. For companies that sell consumers’ data to third-party services, consumers can tell them to stop selling such personal data.
Once a company receives the request to stop selling information from a consumer, it’s prohibited for them to continue selling such data. Companies can only request for consumer’s authorization after 12 months of opting out.
#3: The Right to Opt-In (Consent for minors)
Companies are prohibited from trading consumers’ personal information if the consumer is a minor, i.e., below the age of 16. As such, companies may only sell the data if:
- the consumer opts-in, and they are between ages 13 and 16
- the consumer is below age 13, and the consumer’s guardian or parent opted-in on their behalf
CCPA compliance for businesses
Are you wondering how to avoid being the victim of a data breach? Or you want to know how you can comply with the CCPA act? Follow the tips below to help your business comply with the CCPA acts.
- Prepare your business by identifying and analyzing your data assets
- Implement your analysis by adjusting the data permissions where necessary
- Maintain your business by continually reviewing the data permissions
The future of privacy
The CCPA is already setting trends. Several CCPA copycat laws are already in Maryland, New York, North Dakota, Massachusetts, and other states. This means businesses and consumers can now work together on how data are circulated. It’s also not long before there’s a national privacy law.
If you don’t want to share your information, CCPA gives you the right to access, delete, or keep your data with third parties. It’s important to know your privacy rights under the CCPA!
