California Consumer Privacy Act 2020 | What You Need to Know?

California Consumer Privacy Act 2020


The California Consumer Privacy Act is effective on January 1st, 2020. This means that, in a little less than two months, California will be the first state to introduce a clear-cut and precisely defined privacy law. Intended to enhance privacy rights and consumer protection for the residents of the state of California, the CCPA takes a broad view of what constitutes private data. Continue reading to learn everything about the CCPA and how it affects your business or personal information.

What is the CCPA?

Officially called AB-375, the California Consumer Privacy Act was drafted with a purpose to establish protection for a subset of US citizens against their personal information being harvested and sold without their knowledge. The bill was passed and signed into law on June 28th last year. Often dubbed as "California's GDPR", this California data privacy law promises to bring the much-needed changes when it comes to data security and consumer privacy protection. While the California information privacy act applies only to businesses that sell goods or services to California residents, its application outside the US could drastically speed up the worldwide spread of similar legislation.

Of course, since this California data security law is created for a different location than the GDPR, there are a couple of essential differences between the two. The main difference is the overall scope and territorial reach of each law and the definitions related to protected data. Taking a look at the more specific characteristics, another significant difference between the two laws is that the CCPA, in some cases, only considers information provided by the users, while GDPR always covers all personal data regardless of the source or whether the information was public. This makes GDPR a much broader law than the CCPA.

Which companies does the CCPA affect?

The California data protection law clearly defines which type of businesses it applies to. The law affects every company which does business in California, and the only way to opt-out of it is to go out of business. This act will be enforceable on every company that deals with Californian consumers and meets at least one of the three following CCPA requirements:

  • Has annual gross revenue in excess of $25 million;
  • Has a database of 50,000 or more users, households or devices;
  • Derives more than half of its yearly revenue from selling users' data.

In addition to these three thresholds, California privacy policy requirements state that every organization is required to "implement and maintain reasonable security procedures and practices" to ensure the protection of user data. Any business which falls under one of these categories and fails to comply with the CCPA requirements could suffer the following sanctions and remedies:

  • Fines up to $7,500 for each intentional violation, and up to $2,500 for each unintentional violation;
  • Companies, associations, activists, and others can exercise their right to opt-out on behalf of California residents;
  • Companies that suffer data theft or similar security breaches can be ordered to pay statutory damages or actual damages, whichever is greater.

With such regulation, even some big businesses could have trouble with the California online privacy protection act compliance legislation. Companies like Facebook and Google, whose entire business models rely on collecting personal information, could greatly suffer if just a fraction of their users start demanding to see and delete the information they've collected on them. Facebook, in particular, has faced severe backlash over the years, and it will be thought-provoking to see how the platform will deal with the upcoming legislation.

A simple way to prevent data breaches and resulting fines for non-compliance is to use Hideez Enterprise Solution. Our straightforward security features comply with the CCPA, and include phishing prevention, centralized credential provisioning and de-provisioning of ex-employees, and more. Our All-in-one Identity and Access Management Solution makes sure that only authorized users can access sensitive data. Minimize human factor without complicating everyday routine of your employees.