The California Consumer Privacy Act of 2018 is the most comprehensive general data privacy bill of its kind to pass in the United States at a state level. Its purpose is to increase transparency when it comes to the physical and digital data collected and sold.
Under CCPA, customers will now have more choices and control over what happens to their personal information and increased security in their online engagement.
Wondering if CCPA will affect your business? Let’s take a look.
CCPA covers for-profit companies doing business in California that collect consumers’ personal information and meet one of the following criteria:
1. exceed $25 million in gross revenue;
2. buy or receive the personal information of 50,000 or more consumers, devices or households (such as website traffic);
3. or derive 50% or more of their annual revenue from selling consumers personal information.
Under CPPA, personal information includes, but is not limited to:
- Geolocation Data and Inferences Extracted from Data – Using someone’s precise location data without permission expressly granted or using the IP address to track users
- Unique Personal Identifiers (e.g., cookie numbers or company devised number)
- Browser or Search History (e.g., recipes, local doctors)
- Biometric Data – (e.g., fingerprints or eye retina scan)
- Professional or Employment-related Information – (e.g., salary, title, certifications)
- Psychometric Data – (e.g., info gathered from aptitude tests or personality test)
- Audio + Visual Data – (e.g., data from audio or video files)
- IP addresses – If an IP can identify a household it may be considered personal data
CCPA will require businesses to notify consumers about the type of data they collect, both in privacy policies and in response to specific requests. Consumers will be given a clear choice to opt out of their data being sold—and if they do, companies cannot discriminate against them by charging a higher price or servicing them differently, unless they can prove the difference is reasonably related to the value provided by the data.
To understand this better, consider a company sells you a service for $10/month and it sells the data you provided to sign up for this service just because it fancies earning a little extra money. The value in the service to you, the customer, is still $10. If you decide to opt out of this, the company cannot turn around and charge you $50/month now to cover their loss from the data unless they provide $40 worth of extra value.
A company can, however, still offer financial incentives to consumers to make use of their personal data more enticing to them, such as $10 off the first month, or a complimentary add-on service for a limited time.
“So what does this mean and how will it affect my business?”
This means that your IT team will need to know where a customer’s data is being held at all times now so it can be removed if someone requests it. This may require you to reconfigure your existing systems and processes. For all new data collected, I recommend building this into the design of the system from the beginning.
Your Marketing department will also need to know exactly what data you collect, how it is used and where it is shared so this is accurately reflected in your privacy notice. As your business grows, you will need to revisit this periodically to make sure these changes are reflected here as well.
For more information on CCPA and how to make it your competitive advantage, check out 5 Reasons CCPA Should Already Be On Your To-Do List.
Wondering how solid your privacy program really is? Or could it be, if you’re honest, you’re not sure you have one at all? Schedule your complimentary evaluation today and wherever you’re at, we’ll get you where you need to be.
Making sure your brand is one your customers can trust is the most important investment you can make in your business. It will make the difference between customers that come and go and customers who have no reason to look elsewhere.
Which would you prefer?