The California California Consumer Privacy Act (CCPA ) is a new consumer protection law which comes in effect from 1st January 2020 and is yet another sign that data protection is now taken very seriously. This follows closely in the steps of the General Data Protection Regulations ( GDPR) which were launch in May 2018.
Who does this apply to ?
- This law is applicable in the state of California where organisations carry our business that involves collecting and processing the personal information of individuals.
- Where an organisation has gross revenues of over $25,000,000
- If an organisation buys / sells at least 50,000 consumers personal records for commercial gain
- If an organisation earns more than 50% of their revenue from the selling of a consumers personal records.
If all any of this criteria is met then the CCPA will be applicable and the business will have to adhere to these regulations.
What are the consequences of non- compliance?
Should this be the case it is possible that the business could face the following penalties :-
- Civil Penalty up to $7,500 for each intentional violation and $2,500 for other violations
- In addition to this the victims of a data breach may obtain $100 to $750 per consumer, per incident.
The importance of how a business manages its data is therefore of the utmost importance in order that these regulations are complied with and to avoid any penalties that stem from a breach of these regulations.
Some guidelines to the management of data
- Ensure that all employees are updated with this legislation and carry out training as applicable.
- Ensure that all processes and procedures are aligned to comply with the new legislation and if not introduce new ones to cater for this.
- Carry out a review of cyber security within the organisation and implement upgrades and improvements where necessary in order to mitigate a possible data breach.
- Where necessary bring into line privacy notices and policies on websites and other public facing forums.
The protection of data is becoming a core value within businesses as in the event of a data breach the costs to manage this and the impact on their reputation can be severe.
Image : Shutterstock