The California Consumer Privacy Act of 2018 or CCPA, has been enacted in California. Even if your business is not in California, your business data and data collection policies may be greatly affected. The law is similar to GDPR in Europe, but it also has some very specific differences that companies need to be aware of.
First, what companies are required to follow the CCPA:
- Companies who have total annual revenue in excess of twenty-five million dollars ($25,000,000).
- Companies that in aggregate annually buy, sell, trade, or receives/shares personal consumer information from 50,000 or more Califonia consumers.
- Companies that derive 50% or more of their total annual revenue from selling California consumers' personal information
If your company falls under this scope1 then you need to read on and be ready to make changes to your data collection and retention. There are legal and technical structures you need to put in place to be able to comply with the CCPA.
From a technical perspective, you will need to work with your database consultants on your CRM and web databases to meet the requirements. For example, from your systems can you pull all data about a specific contact to respond to a request? Can you delete all the information about a contact? All this and more are required and will need to be built out and attested to.
If you look at the Independent Business Obligations section of this whitepaper, you will see some great work by Perkins Coie on what is required technically and legally to comply with CCPA.
The definitions in the CCPA are very broad. There is going to need to be clarifications made to the law either by State regulators or through the courts. Denver DataMan is keeping up with the new law and the changes around it so that we understand the specific requirements as best as possible. We want to have a holistic understanding of all parts of the CCPA so we can best advise our clients.
DDM Can Help
We are here to help companies understand and model their data. We have partners like business lawyers who can help with the legal end of CCPA compliance.
1You can get more detailed information on your status for this law by using the CCPA Diagnostic Tool provided by Perkins Coie.
This is not a legal opinion or legal advice. For legal advice on the specifics of how this law pertains to you and your company make sure to contact your attorney.