The California Consumer Privacy Act (CCPA) began as a ballot initiative sponsored by Californians for Consumer Privacy. The CCPA was signed into law on June 28, 2018 by Governor Jerry Brown as Assembly Bill 375 (AB 375), and became effective on January 1, 2020.
Since being passed, the CCPA has been amended twice (in September 2018 and October 2019), and Proposition 24, passed in November 2020, both amended and expanded it. So what exactly does the CCPA protect and who needs to comply? Let’s take a look.
The CCPA gives consumers more control over their personally identifiable information—or PII (often used interchangeably with ‘personal data’)—that businesses collect about them. This gives California residents the right to:
Unlike publicly available information, which is information that is lawfully made available from federal, state, or local government records, personally identifiable information, or PII, is information that:
…a particular consumer or household. Some examples might include geolocation data, education- and employment-related information, internet activity (think your IP address), biometric data, and other personal identifiers.
When it comes to compliance, the CCPA and its regulations apply to businesses located both within and outside of California that collect any information from California residents or engage in transactions with Californians for the purpose of financial gain and that meet one or more of the thresholds (or whose parent company or subsidiary does):
So how can businesses prove compliance? The CCPA requires entities to provide a privacy notice disclosing how consumers’ PII is collected, used, and shared. It also requires them to:
While the CCPA doesn’t explicitly reference the requirement to train employees, it does require that “All individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed.” This means that it’s a good idea to train your employees—especially those directly responsible for handling consumer inquiries about your company’s privacy practices.
If the CCPA or CPRA applies to your business and you’re still not compliant, there’s no time to waste. At Strike Graph, we can bring you up to speed fast. We’ll provide step-by-step training and guidance so you can build out a compliance framework and breeze through every step of the compliance process.