What is the California Consumer Privacy Act (CCPA)?

California Consumer Protection Act (CCPA) is a legislative act on consumer data privacy bill which was passed in California on June 8th of 2018 and became a law which will come into full effect on January 1st, 2020. 

This bill, also known as the AB- 375, full form of assembly bill no. 375. This bill is similar to the GDPR act enacted by the EuropeanUnion. But it is a more stringent act that protects consumer’s data. 

California Consumer Protect Act

Data security is a significant concern all over the world. In this tumultuous time, this California consumer protection act is a meaningful law that is endorsing consumer’s data privacy remarkably. In any business, consumer privacy concerns top the list as there is a need to earn consumer trust. 

As different countries have their own data protection laws, the California consumer protection act is till-date the most stringent act on protecting consumer data than any state across the USA or any other continent around the world. 

Read more: How to Protect Your Intellectual Property with Copyright

California is known to be the hub of the world’s most popular tech giants and business entrepreneurs like Google and Facebook. This act will have far-reaching impacts on these industries.

data protection laws

Google and Facebook are already in the news for breaching data protection regulations of the consumers. Thus, from 2020, with this particular law enforcement, the consumers will get a weapon to protect their data. They can now protect their data and act against the techies.

Many companies already follow some of the guidelines enacted under this law, after the law comes into effect, all other guidelines, too, will come into effect. Many experts are predicting that following California’s example, many other states in U.S.A or other countries will also change their data protection acts too.

What are the objectives of CCPA?

The objective of CCPA is to help the residents of California know what are those personal data which are collected from them unknowingly. Is Data safe with their company? If not, then where the data is sold? 

CCPA take action against the selling of personal data and access the personal data when there is a need, and request the company to delete any specific personal or general data. It is to let them know that they are capable of exercising privacy rights whenever it is required.

Know the Objectives of CCPA

What is personal information/data?

As the CCPA is all about protecting personal data, at first, it is needed to understand what personal data/information is, according to the California consumer protection act.

According to the AB-375 bill, personal information refers to a broad list of characteristics or behaviors, may it be personal or commercial, or inferences drawn from the information. This bill defined plenty of data as personal data such as the 

  • data of a particular individual or consumer’s biometric data, 
  • household purchase data, postal address, social security number, 
  • unique personal identity, 
  • online internet protocol address, 
  • email address, 
  • account name, 
  • driver’s license number, 
  • passport number, 
  • family information like how many children are there, 
  • geopolitical location, 
  • financial information, 
  • sleeping habits, 
  • insurance policy number, 
  • employment history, financial information, 
  • health information, health insurance number, 
  • bank account number, phone number, signature, and others. 

This act does not define publicly available data as personal data.

Who are the target people of this act?

This privacy act defined all the loosely used terms in a particular manner to clarify the objectives of this law. The Californian consumers and business companies fall under this bill, but how will we define them is stated by this law:
According to this act, a consumer means an ordinary person who is a resident of California. As businesses are of various types, this act defined them in three categories-the profit-making business in California, which collects personal information.

Things Companies Should Keep in Mind

Then there are those businesses that garner annual gross revenues over 25 million dollars, businesses that earn more than 50 percent of their annual revenue by selling consumer’s personal information.

What does this act provides the consumers?

As this act is related to two different entities, i.e., the Californian consumers and businesses, it is time to know what this act provides the consumers. 

This act states that if any business needs to collect any personal information, the privacy policy should clearly state that on the business website. This act also sanctions the consumer to ask a company to provide information about the data they are collecting. 

It includes the categories of personal data they are collecting, specific data of an individual, method of data collection, what is the purpose of collecting information by the company, and who are the third parties with whom they are sharing these data. 

If the consumer feels about deleting personal information barring a few specific information, all other information should get deleted by the company. The act states that if any consumer takes the help of the privacy act and asks for the deletion of the personal information from the company database, then the organization should do that. 

Apart from that, the company is bound to provide the same service and pricing to the individual like all the other consumers.

Some More Information About the CCPA

How to comply with the CCPA?

To comply with the provisions of the CCPA act, businesses in California need to follow and comply with outlined directions. All the previously established companies have to adjust their privacy policy to avoid the violation of the law.

The companies need to state clearly on their website about the data privacy policy, which includes how the data are collected, what type of data are those, what are the uses of these data and what is the data collection method. 

The company should provide on its website homepage named “Do Not Sell My Personal Information” and ensure every employee knows the rules and regulations related to handling consumer data.

What are the sanctions that may be imposed upon the company?

The sanctions which will get imposed on the company for data breaches or breaching data security is to pay statutory damages between $100 to $750 per California resident or incident or a fine for intentional law violation up to $7500 and unintentional violation up to $2500.

Thus, this law is path-breaking in its dealing with privacy rights related to data as there was no other law introduced so strongly across the globe. It lays down some principles to be followed by the company to have a good and safe dealing when collecting data. 

The data regulations will keep personal information safe in the hands of the company and, if needed, actions can be taken against any company. In this globalized world, where we all are dealing with data and doing almost everything digitally, it is necessary to have our data to be safe and secured. 
The privacy rights of different states should incorporate this type of provision in their legal system to protect citizen’s rights. Thus, the California consumer privacy act is an exemplary act introduced by the state of California for protecting consumer rights, which will set precedence in front of the world in the future.