California Consumer Privacy Act (CCPA), is a bill passed by the California State Legislature on June 28, 2018, which was amended and signed into law on September 23, 2018. It broadly expands the rights of consumers and requires companies within scope to be significantly more transparent about how they collect, use and disclose personal information. The CCPA is effective January 1, 2020, and enforcement is slated to begin no later than July 1, 2020.
CCPA stands for California Consumers Protection Act 2018. It is the most recent personal data protection law passed by the State of California, aimed to protect the right to privacy of its residents and as a response to the increased role of personal data in contemporary business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.
The CCPA will apply to for-profit businesses that collect and control California residents' personal information, do business in the state of California, and meet at least one of the following thresholds:
Companies already following GDPR guidelines will have a bit of a leg up becoming CCPA-compliant with the two privacy measures overlapping in certain areas. But meeting all the requirements for the new CCPA standards will still take diligence even for those already compliant in other areas—and face new consequences for any gaps.
What are CCPA Requirements?
For businesses that must adhere to CCPA law, compliance breaks down into 5 main requirements:
Does Your Business Have to Comply with CCPA?
Any for-profit organization doing business in California that collects consumers’ personal data and meets the following qualifiers must comply with CCPA:
While the current compliance requirements are limited to California, this new privacy law could signal the beginning of a nationwide change, similar to GDPR regulations in Europe.