A Practical Guide to CCPA for U.S. Businesses

Inspired by Europe’s General Data Protection Regulation (GDPR), the State of California has set a new precedent with the passage of the California Consumer Privacy Act (CCPA). The major data incidents last year have driven citizens into a frenzy about securing their data, and states have rushed to developing and passing policies and legislation. California has become the first state to pass anything similar to the GDPR in the United States. This, of course, sets the precedent and will likely become the go-to model for other states. If you store or process customer data in your business, then this article is for you. In the coming years, businesses across the United States can expect to see a surge of privacy-based policy both on the state and national level.

CCPA Basics & Clarification

The CCPA was developed based on a previous policy, the GDPR and recent data breaches. As stated in AB-375, in 1972 voters amended the California Constitution to include privacy as an inalienable right. The CCPA expands this to include digital data, stating, “Fundamental to this right of privacy is the ability of individuals to control the use, including the sale, of their personal information.”

The policy itself cites previous attempts to safeguard the privacy of California citizens. However, nothing like the CCPA has been attempted before. The policy also cites the Cambridge Analytica incident, which violated the trust and privacy of Facebook users. Included in section 2 of the CCPA are the following “rights” defined as the ultimate goals of the policy:

• (1) The right of Californians to know what personal information is being collected about them.
• (2) The right of Californians to know whether their personal information is sold or disclosed and to whom.
• (3) The right of Californians to say “no” to the (Read more...)