What is the California Consumer Privacy Act?
Societies are becoming more digitized. This makes collecting consumer data — such as name, age, and email address — a vital element for businesses. Potentially adding to the stress is the California Consumer Privacy Act (CCPA) which comes into effect on January 1st, 2020. With technology, LoginRadius can help your business avoid large legal and publicity mishaps.
The CCPA’s goal is to give customers more information and control over how their personal information is being used. It will apply to businesses that target California residents and California-based customers (basically, anyone who pays taxes to the State of California).
The CCPA requires businesses to get consent before collecting customers’ personal information. Business must disclose the following before or at the time of collecting customer data:
- The type of personal information you seek to collect
- The source or medium used to collect personal information
- The purpose of collecting and selling personal information
- The type of third-parties that will receive the personal information
Upon customer’s request, businesses must share this information along with the customer’s personal data. Businesses must also delete customers’ personal information upon request in most situations.
Another important clause is that businesses must offer a “Do Not Sell My Personal Information,” opt-out choice. For customers under age 16, this has to be an opt-in choice. Furthermore, businesses can not discriminate against customers based on their personal information.
The CCPA requires businesses to be transparent in how they handle customer’s personal information. Failure to comply can lead to a fine up to $2500 per violation or $7500 if the violation was intentional. Additionally, infringing the CCPA can damage a business’ brand. Consequently, being aware of the CCPA is crucial for your business’ success.
What similarities does this have with GDPR?
Both the CCPA and GDPR are similar because businesses must be transparent. Businesses must disclose the following to their customers:
- Which personal information is being collected.
- How personal information is being collected.
- Which third-parties will have access to the personal information.
They are also alike in that these regulations apply to businesses outside of the EU and California. However, they are different in that the GDPR is more broad while the CCPA narrowly focuses on privacy rights.
The GDPR focuses more on how personal information is processed. It regulates disclosures that need to be made (like the CCPA). It also addresses particular procedures, like how businesses should handle a data breach (unlike the CCPA).
Under the GDPR (and not the CCPA), businesses must seek consent before making automatic decisions based on personal information.
The GDPR focuses on comprehensive privacy and security practices. Meanwhile, the CCPA emphasizes on maintaining customer’s consent.
Nonetheless, it is important your business carefully examine both laws. While the GDPR can appear more extensive, following the GDPR will not lead to complying the CCPA. For example, the GDPR asks for an opt-in privacy option while the CCPA requires an opt-out. LoginRadius’ experience with handling global regulations and can ensure your business complies to various data-related mandates.
What steps do businesses need to take to get ready?
Preparing to follow the CCPA can feel overwhelming. In fact, almost half of 250 surveyed American companies haven’t started with implementing appropriate privacy policies (TrustArc, 2019). We grouped together key points of the CCPA into few steps to help you and your business prepare for the CCPA.
First, make sure your organization’s decision-makers and key individuals are aware of the CCPA. They should be attentive to the following:
- What the CCPA is
- When the CCPA comes into effect (January 1st, 2020)
- How it changes existing business practices
Next, document and organize your existing customers’ personal information. It is important your business knows this:
- Which personal information is being collected
- How personal information is being collected
- Why personal information is being collected
- Where the personal information is being stored
- Who the personal information is being shared with
This will help you set-up an efficient system for information retrieval at your customers’ request. If you don’t already, consider having a Data Protection Officer or a Data Protection Team to handle these requests.
It is also important you review your privacy policy and ensure it complies with the CCPA. Importantly, make sure it doesn’t conflict with the GDPR regulations.
For those who directly interact with customers, you should consider training them on your privacy policies and procedures. This can help with creating a smoother experience for your customers and more efficiency within your team
Despite the CCPA may feel burdensome to your organization, you should also recognize it as an opportunity. Privacy is valuable to customers. Therefore, successfully implementing the CCPA requirements on-time can give a leading edge to your brand that adds to your business’ success.
How The LoginRadius Identity Platform helps solve CCPA Concerns
TrustArc (2019) surveyed 250 different American companies of various sizes from different industries. They found that many need help with meeting CCPA regulations. Privacy is a legal challenge that can be solved with technology. As experts in customer identity and access management (CIAM), LoginRadius can help your business meet your legal needs. Our intelligent software complies with various international regulations, and it is easy to use.
When looking at TrustArc’s statistics, 63% of surveyed American companies need help with getting External Certification of Validation for the CCPA regulations. Additionally, over 60% of these companies need help with implementing privacy engineering and data transfers.
LoginRadius currently offers GDPR-certified CIAM software. Click here for details on how that works. We are focused on making sure our technology meets with CCPA regulations and future international privacy laws.
Next, 56% of American companies report needing help with getting direct marketing consent. The LoginRadius Identity Platform allows for customizable registrations. With this tool, you can disclose your privacy policies and ask for consent. The LoginRadius Identity Platform also helps with age validation and determine which type of consent is appropriate for your customer.
With the CCPA, your organization needs to prepare for consent withdrawal. The LoginRadius Identity Platform centralizes all your customers’ personal information. You can document and manage your customers’ consent including withdrawal.
Giving access to customers’ personal information is another core component of the CCPA. With the LoginRadius Identity Platform, customer data is unified into one profile. Your team can easily access a customer’s information. You can also export it in an easy-to-read format, leading in a happy customer.
On top of all this, LoginRadius offer all these options with top-notch security. We can ensure your customers’ data is safe in various ways. For example, our software can encourage your customers to use intelligent passwords, protect the data against brute force attacks from hackers, and so much more.
The CCPA is coming into effect on January 1st, 2020. Moreover, there is a global movement towards data privacy and security. Using technology, LoginRadius can help meet that need. We can help you maintain your customers’ trust in your organization.
Summary
The GDPR and CCPA are just the beginning of digital privacy laws. So, you should prepare to thrive during this international trend.
The CCPA applies to businesses that target California-based customers. Unlike the GDPR, the CCPA is more focused on giving customers disclosure and seeking consent to collect and use their personal information.
LoginRadius can meet your legal needs and optimize this legal event. Our CIAM software securely collects and intelligently organizes your customers’ personal information. Ultimately, we can help to boost your brand in the market.
*** This is a Security Bloggers Network syndicated blog from LoginRadius authored by Sally Maeng. Read the original post at: https://www.loginradius.com/blog/2019/05/ccpa-introduction/
