Preparing for CCPA

The California Consumer Privacy Act of 2018, or CCPA, has been enacted in California. Even if your business is not in California, your business data and data collection policies may be greatly affected. The law is similar to GDPR in Europe, but it also has some very specific differences that companies need to be aware of.

First, which companies are required to follow the CCPA:

  • Companies that have total annual revenue in excess of twenty-five million dollars ($25,000,000).
  • Companies that in aggregate annually buy, sell, trade, or receive/share personal consumer information from 50,000 or more California consumers.
  • Companies that derive 50% or more of their total annual revenue from selling California consumers' personal information.

If your company falls under this scope, then you need to read on and be ready to make changes to your data collection and retention. There are legal and technical structures you need to put in place to be able to comply with the CCPA.

From the consumer perspective, the following are the key rights given to consumers under the law. Consumers have the right to access the information collected about them by businesses. The right to deletion is offered to customers who want their information removed permanently from company records. There are new opt-out and website requirements, including a "Do Not Sell My Personal Information" link. Last but certainly not least, there are new rights around privacy policy requirements.

This summary provided by the International Risk Management Institute is very clear. PWC published this comparison between GDPR and CCPA.

From a technical perspective, you will need to work with your database consultants on your CRM and web databases to meet the requirements. For example, can you pull all data about a specific contact from your systems to respond to a request? Can you delete all the information about a contact? All this and more are required and will need to be built out and attested to.

If you look at the Independent Business Obligations section of this whitepaper, you will see some great work by Perkins Coie on what is required technically and legally to comply with CCPA.

The definitions in the CCPA are very broad. Clarifications to the law will need to be made, either by state regulators or through the courts. Denver DataMan is keeping up with the new law and the changes around it so that we understand the specific requirements as best as possible. We want to have a holistic understanding of all parts of the CCPA so we can best advise our clients.

DDM Can Help

We are here to help companies understand and model their data.  We have partners like business lawyers who can help with the legal end of CCPA compliance. 

You can get more detailed information on your status for this law by using the CCPA Diagnostic Tool provided by Perkins Coie.

This is not a legal opinion or legal advice. For legal advice on the specifics of how this law pertains to you and your company, make sure to contact your attorney.

 
