Businesses
As California’s new privacy law goes into effect on January 1, 2020, every company, organization, and person who handles personal information regarding California consumers and employees are going to be impacted.
Given the importance of ensuring CCPA compliance, entities must understand that the CCPA applies to a “business” which:
- Handles personal information about California residents,
- Determines the purposes and means of processing that personal information,
- Does business in California, and meets one or more of the following thresholds:
- Has annual gross revenues in excess of US$25 million,
- Annually handles personal information regarding at least 50,000 consumers, households, or devices, or
- Derives 50% or more of its annual revenue from selling consumers’ personal information.
- Furthermore, the CCPA will also impact service providers that process personal information on a business’s behalf, as well as third parties that receive or purchase personal information from a business. However, nonprofit organizations fall outside the CCPA’s purview.
While the CCPA’s application and scope seem straightforward at first glance, a closer look reveals the need to address additional questions:
- How do you determine whether you are a service provider or a third party?
- Is the US$25 million annual revenue trigger applicable to revenue derived from selling personal information in California alone, or globally?
- How do businesses keep track of their operations and know when they’ve reached the threshold?
People
In addition, the CCPA grants California residents, or consumers, specific rights regarding their personal information that businesses maintain. If you’re a California consumer, you have the right to request that a business inform you about its processing activities with respect to your personal information, to delete your personal information, and to opt-out of the sale of your personal information.
All the hoops that businesses need to go through for CCPA compliance are to protect the privacy of California consumers.
In conclusion
As companies prepare for the CCPA, they must keep in mind that a privacy program needs to adapt and change according to applicable privacy law, as well as each company’s objectives. Regardless of where you are with your privacy program, it is never too late to start planning for your CCPA compliance readiness. OneTrust for CCPA is a full set of scalable privacy management software solutions and services specifically designed to implement CCPA requirements and workflows to support a global privacy program.
For additional information, or to request a live OneTrust for CCPA software demo, visit www.OneTrust.com/ccpa-compliance or email Info@OneTrust.com.
Resources:
- Learn more about OneTrust for CCPA
- Download the whitepaper: How OneTrust Helps: California Consumer Privacy Act (CCPA)
- Download the free OneTrust CCPA Mobile App from the App Store and Google Plays
Check out our CCPA blog series:
- CCPA Requirements for Businesses
- California Governor Signs CCPA Amendments Into Law
- Proposed Regulations Under the CCPA: What You Need to Know
- CCPA Proposed Regulations
- Comply With the CCPA’s “Toll-Free Requirement” with OneTrust
- California Privacy Rights and Enforcement Act Ballot Initiative
- CCPA Amendment Crunch Time
- CA Attorney General Holds Public Forums on the CCPA: What You Need to Know
- The Importance of the CCPA Look Back Requirement and What it Means for Your Organization
- 5 Simple Steps to CCPA Readiness
- CCPA: New Amendment Bills One Step Closer to Becoming Law
- How OneTrust Helps: CCPA Consumer Rights Management
- How OneTrust Helps: CCPA “Do Not Sell” Requirements
- Less Than One Month to Finalize CCPA Amendments
- The Dos and Don’ts of CCPA Consumer Right Requests
- California Privacy Rights and Enforcement Act Ballot Initiative
