CCPA Compliance – The California Consumer Privacy Act

What is CCPA?

Who does the CCPA apply to?

What problems could the CCPA mean for my company?

You might be asking yourself questions like these.

If so, do not despair; that’s why we are here.

These and many more questions will be answered in this post.

We even offer you a solution to the problems that this law can create for you.

So, let’s continue…

What is CCPA?

The California Consumer Privacy Act (known as the CCPA) went into effect on July 1, 2020.

This law was passed in June 2018 by the California State Senate with the goal of empowering netizens with regard to the data that computer systems collect about them for commercial purposes.

Among the rights that the law grants to California citizens is the right to request the following from companies that handle information for commercial purposes:

  • View the categorized data considered personal
  • Delete their data from the company’s systems
  • Request that their data not be sold to third parties

Who does the CCPA apply to?

The CCPA applies to any business, including any for-profit entity, that collects personal data from consumers, does business in California, and meets at least one of the following requirements:

  • Has a gross annual income of more than $25 million
  • Buys, receives or sells the personal information of 50,000 or more consumers or households
  • Earns more than half of its annual income from the sale of consumer personal information

If your business collects information in any way from netizens located in California, you should be preparing to apply methods that allow users to exercise their rights under the CCPA.

What problems could the CCPA mean for your company or business?

While adding support for this law in your company, you may run into several setbacks, including:

  • Manually processing each user request
  • Verifying the user’s information within your company, which can be complicated when user data is distributed across different stores (databases, storage provider systems, different departments within your company)
  • Manually maintaining the user’s request history for legal purposes and for access restrictions on future requests
  • Manually responding to each user once their request has been processed

This requires your company to modify its work process, possibly assigning one or more workers to attend to these requests, not to mention how delicate the process is.

Seriously?

Yes, but this shouldn’t be that complicated, right?

Do not worry, OptimalBit LLC brings you the solution.

For one problem, one solution

OptimalBit LLC has gone a step further so that your company does not have to alter its processes: we have designed a computer system that reduces your company’s effort to a minimum.

The solution that we propose to you automatically:

  • Generates a form for the user to create the request
  • Verifies that the company holds information about the user
  • Ensures that a user can request an action only after being verified, and guarantees that the user can be identified
  • Manages all data sources that the company has registered in the System
  • Sends responses to the user as configured in the System for each status of their request: success, rejected, in progress
  • Notifies managers when a request needs their supervision
  • Records the history of requests and the responses issued to a user, keeps it unalterable, and allows it to be viewed
  • Ensures that a user makes only the number of requests defined by the company within a 1-year period
  • Exposes endpoints for integration with external services
  • Manages external services configured in the System

It is not complicated.

With a single system and a small configuration, your company can be in tune with the legal regulations of the United States, especially with the state of California.

Frequently Asked Questions

  • How is CCPA different than GDPR?

    Unlike the GDPR, the CCPA provides several specific carve-outs from its scope of application, such as medical information and protected health information. The CCPA also excludes the transfer of personal information to a third party in the context of a merger from the definition of “selling”.

  • What is considered personal information under the CCPA?

    Personal information is information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.

  • How do I get CCPA compliant?

    - Know Your Obligation to the CCPA
    - Map Consumer Data
    - Update Privacy Disclosures
    - Create a Homepage Privacy Link
    - Develop a Process for Handling Consumer Requests
    - Identify and Implement System Changes
    - Train Employees
    - Strengthen Data Security

  • What are the CCPA categories?

    - Identifiers including real name, alias, postal address, unique personal identifier, online identifier, internet protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers
    - Characteristics of protected classifications under California or federal law
    - Commercial information, including records of personal property, products, or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
    - Biometric information
    - Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement
    - Geolocation data
    - Audio, electronic, visual, thermal, olfactory, or similar information
    - Professional or employment-related information
    - Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (FERPA)

  • What are the penalties for violating CCPA?

    Civil penalties can range from $2,500 for a non-intentional violation to $7,500 for an intentional violation. A business is not liable if it cures any noncompliance “within 30 days after being notified of alleged noncompliance” (although some types of noncompliance – or a data breach – may not be capable of “cure”).

  • What is a sale under CCPA?

    Sale within the context of the CCPA is defined (Section 1798.140(t)) as: selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.

  • Do I have to comply with CCPA?

    If you are collecting data from California residents, you may need to become CCPA compliant. As businesses continue to collect and use personal information in new ways, the CCPA aims to regulate what data they can collect, who they can collect it from, and how companies need to manage their consumer data.

  • Is IP address personal information under CCPA?

    IP addresses will not be considered “personal information” for purposes of the CCPA, so long as the business does not link the IP addresses that they collect with an individual consumer or household.

  • Is collecting IP address legal?

    IP addresses are what make the Internet work, and without collecting and using them, there is no internet. Therefore, regardless of whether it is “personal data”, it is clear that certain collection, use and analysis of IP addresses is permitted and necessary as long as the business does not link the IP addresses that they collect with an individual consumer or household.

Conclusions

The new California Consumer Privacy Act (CCPA) gives California netizens the opportunity to control how their personal information is handled by third-party companies and businesses, in order to maintain a more transparent and secure web.

To comply with this law, companies might face many setbacks.

That is why OptimalBit LLC provides an easy and efficient solution focused on both companies and California citizens.
