On New Year’s Day, the same logic that was used to create GDPR, came stateside when the California Consumer Privacy Act (CCPA) was officially put into effect. This legislation provides California residents more control over their personal data. The objective is simple: provide better consumer protections and enhance the respect of privacy by improving transparency regarding the way companies are using their users’ data.
When GDPR came into effect, Europe paved the way for regulation, compelling companies to focus on customer trust. Over the course of the last few years, the level of complexity behind data protection has been matched only by how necessary it has become.
CCPA Preparedness is the key to grow trustworthy customer relations and sustain business goals in the US.
When it was signed, CCPA brought some of the most stringent consumer data privacy protections ever signed in the United States. And, while it is specific to consumers in California, any company that does business or collects personal data — directly or through third parties — in the state must adhere to its restrictions.
CCPA Preparedness Starts with Your Understanding of the Law
Fundamentally, the definition of personal data within CCPA is quite broad and includes all information that identifies, concerns, describes, or can be associated — directly or indirectly — with a particular consumer or household; things like names, addresses, social security numbers, and telephone numbers, as well as all types of information that can be linked to a California consumer.
Even if CCPA only authorizes sanctions if or when a violation has been found, each Californian citizen is authorized to take civil action against any company that violates the law, thus opening the door to collective action. If a company’s practices are not in compliance with the new Californian provisions, the state may directly initiate proceedings against it and fine the company $7,500 per data disclosed if the company does not remedy the situation within 30 days. However, if the violation is found to be unintentional, then this fine is reduced to $2,500.
When it comes to possible data leaks, the law provides civil compensation ranging from $100 to $175 per California resident whose data was obtained, even in the absence of material damage.
CCPA is certainly only the beginning of more global awareness in the United States, protecting its citizens’ data against abuses from companies or organizations. This is the first step that could lead other states to introduce similar regulations.
In addition, federal legislation could emerge in the medium term. On September 10, 2019, a group of 51 CEOs from US companies sent an open letter to Congress calling for the implementation of a law regulating the collection, processing, and use of personal data at a national level.
Some of these companies are technology giants such as Amazon, AT&T, IBM, Motorola, and Qualcomm. They think that privacy laws vary too widely from state to state, causing both confusion among consumers and a threat to the United States’ competitiveness.
Through this approach, their desire is to promote and provide a stable and legal environment at the federal level to create products and solutions where economic actors and users can find a consensus on the use of personal data.