What is the CCPA?
By now, you are most likely familiar with Europe’s GDPR. The General Data Protection Regulation requires any company doing business with citizens of the European Union to place appropriate technical and organizational measures to protect the data of their customers. It also grants individuals to request records of how their data is used and the ability to require that a company expunge any and all personal data they have stored.
The state of California recently adopted a similar set of rules, called the CCPA. The California Consumer Privacy Act will become law on January 1, 2020. The CCPA applies to companies that do business in California, and meet any single one of the following:
- Exceed an annual gross revenue of $25 million.
- Obtains personal information of 500,000 or more California residents, households, or devices annually.
- Obtains 50 percent or more of their annual revenue from selling California residents’ personal information.
The CCPA grants California residents the following five rights:
- A business’s data collection practices. This includes the type of information they collect, how the obtained it, how they use it, and who else it was disclosed to.
- The ability to receive a copy of the information that was collected about them within a 12 month period preceding the request.
- To have information deleted (there are exceptions).
- To know a business’s data sale practices, and to request that their data not be sold.
- To not be discriminated against because they exercised any of the four other rights.
GDPR and the CCPA are similar in the way that under both, consumers can request their data records and require that they are erased.
However, the two regulations also differ in several ways. Mainly, GDPR focuses on data rights and ownership, where has CCPA regulates the sales of personal information for profit. The CCPA grants rights only to individuals who are residents of California, as defined by those people who file income tax in the state.
What it means for your business
One of the most significant parts of the CCPA is that it expands the definition of data to include information that is capable of being associated with or linked, directly or indirectly, with a particular California resident or household. This means that business under this law must be prepared to locate and disclose a much larger swath of information.
Under the CCPA, a business should also be ready to disclose its data collection practices, along with a description of the categories of data it collected over 12 months leading up to the request, where it was sourced, if it was shared or sold, and the types of parties that received it. All of this information must be provided to the individual that requests it within 45 days.
Businesses under the CCPA should review data contracts to ensure they have a full picture of where consumer data is going, how it used, and that it can be retrieved. They also need to provide an opt-out on their website so individuals can ask that their information not be disclosed or sold.
ringDNA and the CCPA
ringDNA falls under the new CCPA law and already has customers that do as well. Just like GDPR, ringDNA has ensured it is 100% compliant to CCPA so all current and potential partners are ready come January.
In the ringDNA admin controls, administrators have the ability to manage and delete customer data and our support and success teams are ready to help with any requests or questions.