January 1st brought about a large change in the world of business.

CCPA is affecting millions of companies that may already be in violation of compliance without their knowledge.

 

Here are the facts:

Businesses operating in California could have a head start on tackling compliance costs should other state laws or a national policy take effect.

What is CCPA?

  • The California Consumer Privacy Act

What Does This Act Mean?

  • This act enables any California consumer to demand to see any and all information any company has on them. This also empowers consumers whose information is not provided to them legal footing to sue them with or without a breach of privacy (wow, what a green light).

Who Does it Affect?

  • All Companies that serve California residents and make at least $25 million in annual revenue. (that’s more than a handful)
  • Any company that has data collected from over 50,000 people and gets more than half of their revenue from selling that data.

What Happens If Companies are Not Compliant Even After the 30-day Warning Period?

  • Your company can be fined up to $7,500 per individual record (yikes).
    • Seeing as some of these companies have hundreds of thousands of records on file this could be very costly.

How Do I Protect My Business?

  • If you are using a 3rd party vendor this vendor should have already made changes to ensure your compliance. If your current vendor isn’t taking the proper precautions, you need to find a new vendor that will immediately.
  • If you are handling your own data infrastructure you need to engage a legal or compliance consultant (or both) to get your company on the right track ASAP.

Companies should feel slightly at ease knowing this act was written in a week. The short duration of its creation and its multiple amendments (already) in a short period of time has this act viewed as a “work in progress.” Our advice to companies is to take measures immediately to ensure they are compliant (or at least show that they are taking steps to get there) to avoid heavy penalties and/or earn some leniency.

 

In conclusion, CCPA should be taken seriously, and companies who don’t are in for a rude awakening. There is an abundance of information and resources available on CCPA compliance for all interested parties. It is best to start working towards full compliance as soon as possible. If you think your company is in danger of being penalized, contact a legal consultant and/or active partner/vendors ASAP before it is too late.