The California Consumer Privacy Act (CCPA) is a data privacy law that mandates companies to become better custodians of their consumers’ personal information.
Here is an overview of this important new privacy regulation.
Consumers who are protected and provided rights under the CCPA are the estimated 40 million residents of California. These rights include:
The CCPA gives an expanded definition of the term ‘Personal Information’, which is protected under the statute. Any information that identifies a particular consumer or household is considered ‘Personal Information’.
The only exceptions are publicly available information (made public by federal or state authorities) or consumer information that is deidentified.
If a for-profit entity that does business in California fulfills any one of the following three conditions, it is required to abide by the CCPA regulations.
Has $25 million in gross annual revenue;
Obtains or shares personal information of at least 50,000 California residents, households, and/or devices per year;
At least 50% of their annual revenue is generated from selling California residents’ personal information.
Businesses to which the CCPA applies also include any entity run or controlled by a business, or which shares common branding with a business. No distinction is made between domestic and foreign entities: a foreign parent company with a controlling interest in a U.S.-based subsidiary would itself also be subject to the CCPA.
A few industries that are already sufficiently covered under other privacy laws are exempt from the CCPA, such as:
Health providers and insurers that are already covered under HIPAA
Financial companies covered by Gramm-Leach-Bliley
Credit reporting agencies under the Fair Credit Reporting Act
Given the rising frequency and severity of data breaches, the CCPA lays down strict penalties for businesses that fail to comply. The penalties are:
Maximum civil penalties of $7,500 for intentional violations, brought by the State of California through the Office of the Attorney General. Businesses will have only a 30-day period to cure the violation upon being informed of it, or will face financial penalties.
Maximum civil penalties of $2,500 for unintentional violations, brought by the State of California through the Office of the Attorney General. Businesses will have only a 30-day period to cure the violation upon being informed of it, or will face financial penalties.
Consumers can file private lawsuits for between $100 and $750, or for actual damages, for each incident of breach of their unredacted and unencrypted data stored on a business’s server. Businesses will have only a 30-day period to cure the violation upon being served a notice by the consumer, or will face civil penalties.
The law has been in force since July 1st 2020, and CCPA and other data privacy litigation is expected to only increase in the coming years.
Given the expanded definition of the term ‘personal information’ and the tight time frame provided to businesses to respond to privacy disclosure, access and deletion requests along with other requirements, complying with the CCPA can be very labor intensive and costly.
SECURITI.ai’s award-winning solution revolves around the concept of PrivacyOps, which utilizes robotic automation, artificial intelligence and machine learning to automate compliance tasks, freeing up crucial resources for other areas of business.
SECURITI.ai helps businesses discover data over a wide range of internal and external systems, build a People Data Graph to link personal data to each individual, automate data subject requests, assessments, consent management and more.
The CCPA stands for California Consumer Privacy Act
Nearly 500,000 organizations worldwide have been affected by the CCPA
According to IAPP research, 95% of businesses are not prepared for the CCPA
The CCPA fines are a maximum of $7,500 per violation with no upper cap
CCPA exempts organizations complying with the following:
SECURITI.ai uses award winning automation, machine learning and AI to help reduce cost, liabilities and human effort while helping your business comply effortlessly.
See how easy it is to manage privacy compliance with robotic automation.