It’s time to talk about the California Consumer Privacy Act (CCPA), and it’s not as cut and dry as you might hope. And, that statement applies to consumers and businesses. The Act went into effect on January 1, 2020, but at this point, it’s not exactly final. The rulemaking process is actually with a final draft expected before July 1, 2020. The significance of July 1? Well, that’s the anticipated enforcement date, meaning organizations need to be in compliance by then. Although that doesn’t sound like a lot of time to get things in order, it really is considering the act was passed in June of 2018.
But what does the Act actually mean, and how does it pertain to consumers and businesses? That is the million-dollar question, isn’t? Let’s start with what the Act means. The CCPA is intended to protect consumers and give them more options when it comes to how businesses store and use their information. More specifically, the Act indicates that consumers have a right to:
- Know more about a business’ privacy practice
- See, delete and download their personal information (PI) that a business stores
- Sue businesses for certain types of data breaches
The Act Restrictions
In addition to those rights, the Act also restricts a company’s right to sell personal information and discriminate against consumers that exercise their privacy rights. Sounds pretty simple right? Hold that thought.
First, it’s important to note that consumers need to act (no pun intended) in order to experience any benefits of this Act. Meaning that you, as a consumer, need to read privacy policies, be conscious of the information that you actively give to businesses and if you feel it is important, request to see the information that a business has stored about you, and if you would like the information deleted, ask to have it deleted. These are important steps and put you in the proverbial driver’s seat.
Although that might seem like a lot of work, it is nothing compared to what businesses will go through to ensure they are complying with the CCPA. Here’s a start of what organizations should be considering (technically implementing at this point) relative to CCPA:
- IT infrastructure and the strength of it
- Data storage solutions
- Privacy policies (they might need to be updated)
- How to handle personal information data inquiries
- How to inform consumers about company practices throughout their engagement process with the company
- What consumer information is actually a necessity to do business
- Updates that need to be made to web presences
Compliance and Violations
And, businesses may need to consider hiring a CCPA specialist to ensure they are in compliance and continue to stay in compliance. The alternative is getting fined. And those fines could get pretty high, up to $7,500 per violation. And speaking of cost, there is a cost associated with businesses implementing these privacy needs. The cost will be different for each company, but it is still a cost.
But let’s go back to the important detail at the beginning of this article – the rulemaking process is still ongoing. This is both good and bad. The good part is that the importance of consumer privacy is being taken seriously. The bad part is that the fluctuations could make it more challenging for businesses to comply. And speaking of challenges, other states are in the process of coming up with their own privacy laws. And, there are talks of federal law on consumer privacy as well. A federal law would certainly help, but it’s not likely a near term situation.
What do you need to know going forward? The topic of consumer privacy isn’t going away. In November, for example, there are plans to push forth another initiative that would create an independent agency focused on privacy law. This independent agency would have the power to audit companies for compliance. And, change is inevitable. Just Google “recent CCPA news” – there is new information from a few days ago! The best course of action for businesses is to go through the necessary steps to achieve compliance and leverage outside resources if needed.
And, keep an eye on the news…there is bound to be more information coming out about CCPA within the coming months, and certainly around the July 1, 2020 date.