October 28, 2019
The California Consumer Privacy Act of 2018 (“CCPA”) will have a significant impact on the protection and usage of personal information for California residents. Ripple effects will be felt elsewhere, as other states, and possibly the federal government, are expected to pass similar legislation.
This blog post is intended to provide some key data points to help you understand the CCPA law, and to help you determine how, and if, it applies to you and your company. If you need additional guidance on how to proceed in the wake of this new legislation, please reach out to our team at BLEND360 (firstname.lastname@example.org).
Is Your Company Impacted?
Ask yourself the following questions to determine if your company is impacted by the CCPA legislation. If your company is for-profit and does business in California, your company will fall under the jurisdiction of this law if any of the following additional criteria are true:
Service providers are not exempt from this law. Although most of the liability falls to the company for which they collect data, service providers are responsible to follow the directions of that company, including deleting records if a consumer requests it.
Who Is Protected?
In short - any consumer who is a California resident. California residents can also include those with addresses in California, but who are out of state for a temporary reason (i.e. travel, job needs, etc.).
A consumer, in the case of this legislation, can include households, individuals, or associated devices that purchase household goods or services. Employers are not exempt, as employees are also a protected class under this law. Even business-to-business transactions are covered.
In addition, businesses cannot store personal information on a California consumer (for later use) and then officially collect the stored information after that consumer is outside California.
What Does Personal Information Mean?
CCPA expands the definition of personal data beyond personally identifiable information. Specifically, the following categories of data will qualify as “personal data” under the new law (we have provided a few example metrics in the chart below):
What Are Other Key Aspects Of The CCPA Legislation?
Possible Consequences Of Non-Compliance
Currently, two types of penalties are planned for non-compliance with the CCPA:
As a result of these penalties, a company that is not in compliance could easily face fines in tens of millions of dollars. If your company is found to not comply, the CCPA does grant a 30-day period to correct noticed violations. It is best to proactively comply than to reactively rush to modify processes and data collection based on a noticed violation.
How BLEND360 Can Help
Compliance with the California Consumer Privacy Act of 2018 (CCPA) will be a daunting task. We can help. Whether through our Adobe Consulting or Data Science practices, we can work with you to develop a sound strategy to meet the requirements of the law, while maintaining effective marketing practices. Contact us today at email@example.com.