Last month the state of California approved a privacy law that will involve many changes being made on how companies handle consumer information. The California Consumer Privacy Act of 2018 (CCPA), gives consumers the right to know what information is collected about them as well as what the companies will do with that information. This Act is one of the strictest in the U.S.
Even though this law will not go into effect until January 1, 2020, it is best that companies begin to practice this law now. This new law mirrors EU’s General Data Protection Regulation (GDPR), in many ways. The General Data Protection Regulation brought anxiety to companies all over the world as well as marketers. The anxiety caused these companies and marketers to reevaluate how consumer information was handled.
Marketers will have a better opportunity to transition these changes that were made into laws in a more strict format.
This is what needs to be known about the California Consumer Privacy Act of 2018.
Who are the companies that CCPA applies to?
Any company collecting personal information about consumers is who the California Consumer Privacy Act applies to. The company will also have to fall into one of the following categories:
- A gross revenue that exceeds $25 million
- Personal information of 50 thousand or more consumers, households or devices, that is bought, sold, received, or shared
- Consumers’ personal information that is a company’s revenue of 50 percent or more than the annual revenue.
What are the rights of the consumers?
The following rights must be complied with by businesses:
The Right to Know or Be Informed: The consumers must now be provided with certain pieces of personal information that businesses will collect and with who these businesses will share their personal information with. Businesses will also be required to disclose this information in privacy policies as well as with consumers who request this information.
Right to Access: The personal information of consumers must be provided to them by businesses in an accessible format if requested.
Right to have Information Deleted: Consumers have the right to request that their personal information is deleted with some exceptions.
Right to Opt-Out: Consumers have the right to require that companies stop the sale of their personal information.
Right to Opt-In: Unless parents opt-in their children who are between the ages of 13-16, then their information cannot be sold.
What other things do the CCPA do?
Additionally, the CCPA:
- Will require that a link on a business’ website, titled, “Do Not Sell My Information,” be added, so that consumers can opt out if they want to.
- Will hold businesses responsible for any breach of data that happens if that business fails to secure consumers’ information. There will also be damages between $100 – $750 permitted by each consumer.
What is the difference between CCPA and GDPR?
No Consent Requirement: There is no opt-in consent with CCPA unless it involves a minor.
“Robust Notice and Choice” is a requirement: Instead of asking for consent explicitly, a business must provide a link to their home page for a consumer to opt out if they want to.
Specific Rights for Handling Consumer Rights: With the CCPA, businesses will be required to make it possible for consumers to contact companies and apply their rights to privacy. This contact may include a website or a toll-free telephone number.
Fewer requirements on recordkeeping: Specific record keeping requirements are put in place by the GDPR. However, the CCPA does not have these certain requirements.
Marketers use data as a tool to understand the needs of consumers while providing them with helpful content. The marketers who practice a healthy and strong data requirement policy does not have to spam customers and always provides them with the most relevant and helpful information.
However, consumers are cautious. That is why we, at HyenaFox, work hard to utilize industry-standard practices along with our apparent privacy policy. This is also why many corporations around the world trust in us with their day to day data needs.
It is still unseen how these regulations will be interpreted. However, the changes in companies should be considered as well as how they will adapt to the changes.