With the California Consumer Privacy Act (CCPA) in effect, we wanted to reflect on the CCPA’s journey. In this blog post, we’ll go over the CCPA’s history, what the CCPA means for your business, and how you can tackle CCPA compliance.
What is the CCPA?
The CCPA aims to protect the privacy and data of California consumers. It requires businesses to provide Californians as much information as possible about the ways in which their personal information is handled and used. This act requires businesses to explain to consumers what data they are collecting and gives consumers the right to say ‘no’ to the sale of their personal information and to request businesses to delete their personal information.
The Start of the CCPA
From 2016 to 2018, Alastair Mactaggart created and led a ballot initiative for a privacy law that spurred the passage of the CCPA (i.e., Assembly Bill (AB) 375). AB 375 was initially introduced by Ed Chau, a member of the California State Assembly, as well as State Senator Robert Hertzberg.
On June 28, 2018, the Governor of California, Jerry Brown, signed AB 375 into effect, establishing the most extensive consumer privacy legislation ever passed in the United States.
The CCPA Timeline
June 28, 2018 – AB 375 signed into law and Mactaggart’s ballot initiative withdrawn
September 23, 2018 – Senate Bill No. 1121 signed into law, modifying the CCPA
January 1, 2019 – Data mapping and recordkeeping requirements start
October 10, 2019 – The California Attorney General, Xavier Becerra, released the proposed text for the CCPA Regulations.
October 11, 2019 – California Governer Signs CCPA Amendments into Law
January 1, 2020 – CCPA goes into effect
Spring 2020 – Attorney General regulations expected to be finalized
July 1, 2020 – Enforcement begins
What the CCPA Means for You
With California’s new privacy law in effect, every company, organization, and person who handles personal information regarding California consumers and employees are now impacted.
Given the importance of complying with the CCPA, entities must understand that the CCPA applies to a “business” which:
- Handles personal information about California residents,
- Determines the purposes and means of processing that personal information,
- Does business in California, and meets one or more of the following thresholds:
- Has annual gross revenues in excess of US$25 million,
- Annually handles personal information regarding at least 50,000 consumers, households, or devices, or
- Derives 50% or more of its annual revenue from selling consumers’ personal information.
In addition to businesses, the CCPA impacts service providers that process personal information on a business’s behalf. The new privacy law also impacts third parties that receive or purchase personal information from a business. If you run a nonprofit organization, your organization falls outside of the CCPA’s scope.
California Residents and the CCPA
The CCPA grants California residents, who are consumers, specific rights regarding their personal information businesses maintain. If you’re a California consumer, you have the right to request that a business inform you about its processing activities with respect to your personal information, to delete your personal information, and to opt-out of the sale of your personal information.
All the hoops that businesses need to go through for CCPA compliance are to protect the privacy of California consumers.
In Conclusion
As companies prepare for the CCPA, they must keep in mind that a privacy program needs to adapt and change according to applicable privacy law, as well as each company’s objectives. Regardless of where you are in your privacy program, it’s never too late to start preparing for CCPA compliance. To request a live OneTrust for CCPA software demo, visit www.OneTrust.com/ccpa-compliance or email [email protected].
Resources:
- Learn more about OneTrust for CCPA
- Download the whitepaper: Getting Started: 5 Steps to Start Your CCPA Privacy Program
- Download the whitepaper: How OneTrust Helps: California Consumer Privacy Act (CCPA)
- OneTrust DataGuidance Blog: The Definitive Guide to California Privacy Laws
Check out our CCPA blog series:
- The CCPA: Right to Opt-Out
- The CCPA Toll-Free Requirement
- CCPA Do Not Sell Requirement
- CCPA Compliance: Your Most Frequent CCPA Questions Answered
- CCPA vs. GDPR
- CCPA Readiness: Third Wave Report
- In the Know: CCPA Personal Information
- CCPA Applicability: Who will the CCPA Impact?
- CCPA Requirements for Businesses
- California Governor Signs CCPA Amendments Into Law
- Proposed Regulations Under the CCPA: What You Need to Know
- CCPA Proposed Regulations
- Comply With the CCPA’s “Toll-Free Requirement” with OneTrust
- California Privacy Rights and Enforcement Act Ballot Initiative
- CCPA Amendment Crunch Time
- CA Attorney General Holds Public Forums on the CCPA: What You Need to Know
- The Importance of the CCPA Look Back Requirement and What it Means for Your Organization
- 5 Simple Steps to CCPA Readiness
- CCPA: New Amendment Bills One Step Closer to Becoming Law
- How OneTrust Helps: CCPA Consumer Rights Management