The California Consumer Privacy Act (CCPA) became law on January 1st 2020 in the state of California and places additional legal requirements on businesses and organizations when it comes to handling data. The law is comprehensive with a number of detailed statutes reflecting today's new digital age, and how valuable data has become. CCPA gives consumers new powers and rights when it comes to their data, which businesses must comply with in order to avoid being fined or found in breach of its provisions. Some of the statutes include:
Business compliance and impact
Businesses affected by CCPA include those which hold or collect personal data from consumers, and are doing business in the state of California. There are three thresholds which organizations will fall under when considering if CCPA applies. These are:
In alignment with CCPA, businesses are expected to implement data security practices that can support the protection of consumer data across its organization - where consumer data is being handled.
See our Data Destruction Auditor to learn more about data auditing.
Business processes required under CCPA
Businesses adhering to the CCPA must implement the following processes to be compliant. If they fall within one or more of the compliance thresholds then CCPA will apply:
These are:
Fines and sanctions that can be imposed under CCPA provisions
Signed by Governor Brown in June, 2018, and enacted on January 1st, 2020, the California Consumer Privacy Act enhances consumer protection and holds businesses to account that do not protect data, or suffer from data breaches where consumer information is accessed without consent.
See our resources page for more information on the latest data laws and data security related topics. You can also explore data degaussing to discover more about safe data erasure and disposal.