The California Consumer Privacy Act (CCPA), enacted in 2018, is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The CCPA came into effect on January 1, 2020.
Below, we examine the contours of the CCPA to help you better understand the applicability and requirements of the new law.
The CCPA is the beginning of “America’s GDPR.” Similar to the General Data Protection Regulation (GDPR), the CCPA brings control of personal data back into the hands of consumers, along with equivalent duties for businesses that trade in such information.
The purpose of this Act is to provide California residents with the right to:
• Know what personal information a business collects and how it’s used
• Receive a copy of their data
• Request the deletion of any personal info
• Opt out of having personal information sold to any third party
Data Covered by the CCPA
Security Magazine, a US security publication for enterprise security trends, metrics, news, and more, explains that a few of the categories of personal information subject to the CCPA are names, addresses, email addresses, social security numbers, medical information, geolocation information, biometric information, browsing history, search history, unique identifiers (such as cookies and IP addresses), commercial information, account names, audio, or employment-related information.
The key differences between CCPA and the European Union’s GDPR include the scope and territorial reach of each, definitions related to protected information, levels of specificity, and an opt-out right for sales of personal information. According to PwC, certain CCPA requirements overlap with the existing GDPR individual rights requirements, which may give GDPR-ready organizations a jump start on building a capability around user-data handling practices.
Which companies does the CCPA affect?
This law applies to all companies that serve California residents and have at least $25 million in annual revenue. In addition, companies of any size that have personal data of at least 50,000 people or that collect more than half of their revenues from the sale of personal data also fall under the law. Companies don’t have to be physically based in California to fall under the law. They don’t even have to be based in the United States.
The California Privacy Directory has published a list of companies that you can contact to ask them to remove your personal information. To reduce administrative burden, many of these companies are allowing people from outside of California to make this request as well.
Regulations such as the CCPA and GDPR are setting a global standard for how data must be protected, which impacts almost every organization on the planet. Docsvault provides features that are flexible enough to meet any emerging regulatory requirements. Our solution makes sure that documents and data that are captured and processed are stored securely and protected against misuse or loss. Docsvault’s fine-grained security guarantees confidentiality by controlling which documents and data employees can view, edit, retrieve, export, and delete. Because of our commitment to security and data privacy, Docsvault never sells or shares customer data.