CCPA Compliance

The CCPA is making a change in the United States and consumers’ rights, giving California residents power on how their personal information (PI) can be used.

                The California Consumer Privacy Act (CCPA) came into effect on January 1st, 2020.
This law has principles that indicate when a business must become compliant [Note: It does not matter what size or industry the company is related to, the governance is controlled by the following items]:

  • The business, be it a
    subsidiary or a parent company, collects information about residents inside the
    state of California.
  • CCPA defines a resident of California as:
    • A person in California for other than a temporary or transitionary purpose
    • A person domiciliated in California but is outside of the state for temporary or transitionary purposes
  • The business, be it a subsidiary or a parent company, exceeds one of the following thresholds:
    • Annual gross revenues that exceed 25 million USD
    • Obtain personal information (PI) of more than 50,000 California residents, households, and/or devices per year
    • At least 50% of their annual revenue is generated from selling California residents’ personal information (PI)

Having said this, the personal information (PI) of a California resident has the following considerations:

  • Information that relates, describes, could be associated, or could be reasonably be linked to a consumer or household in California
  • Personal Information is defined as:
    • Name
    • Email addresses
    • Biometric data
    • IP addresses
    • Internet of Things data
    • Geolocation data
    • Employment data
    • Any data that could be linked
      or related to a resident of California

A business must then comply with the CCPA by building a privacy policy that contains at least the following items:

  • Identify what information is collected and processed
  • Purpose of collecting and processing the information
  • How this information is collected and processed
  • Methods through with a California resident can request the following actions:
    • Access their Personal
      Information (PI)
    • Change their Personal
      Information (PI)
    • Move their Personal Information
    • Delete their Personal
      Information (PI)
  • Methods used to identify and confirm the identity of the person submitting the request
  • What information from California residents is sold and how these users can opt-out from having their data sold out [Note: You are not forbidden from selling the information, but an option must be given to opt-out]

Need help with CCPA and making your business and your applications compliant with this law? You can contact us through the form below, and we will get back to you to assist in this process.