In this age of information, data protection is ever-more important. To address growing consumer concerns over a right to privacy regarding data and information collection, California passed the California Consumer Privacy Act (CCPA) in June. The act implements key requirements for businesses that will aid consumers in keeping their information and data private, if they wish. It is one of the strictest privacy bills to be passed in the United States and will go into effect in January. So what do you need to do to make sure your business is CCPA compliant?
While this law is seminal in America, Europe led the way in 2018 to ensure consumer data privacy with the General Data Protection Regulation (GDPR), which set the ball rolling for stricter data privacy laws worldwide. When GDPR came into effect, it also affected businesses outside Europe who dealt, in any way, with European consumers or clients—meaning it affected many American businesses, and planners who collected data from EU attendees, as well.
(For a refresher on what GDPR was and tips on how to remain compliant with it, check out this Smart Meetings article.)
Now, with imminent implementation of CCPA, it’s time for anyone who collects data from Californians to look at their marketing practices to make certain of compliance.
Key Requirements of the CCPA
Following are the four key requirements of the CCPA, as stated in a press release from the Attorney General of California.
- Businesses must disclose data collection and sharing practices to consumers;
- Consumers have a right to request that their data be deleted;
- Consumers have a right to opt out of the sale or sharing of their personal information; and
- Businesses are prohibited from selling personal information of consumers under the age of 16 without explicit consent.
Fines under the CCPA will cap at $7,500 per violation, although unintentional violations will only be liable for fines up to $2,500 per violation.
Since the law’s enactment, the attorney general’s office has been holding a public comment period as part of the law’s review process. This means any individuals or businesses that wish to comment on the law may contact the attorney general’s office before Dec. 6. Additionally, the attorney general will hold public hearings in Sacramento, Los Angeles, San Francisco and Fresno in the first week of December for those who wish to say their piece in person.
Even after January, a six-month grace period from enforcement will allow businesses to acclimate to the new law.
Now would be a good time to make sure your marketing and data collection adheres to the new requirements. And hey, compliance can become a marketing strategy in and of itself! Who wouldn’t love to have a little more control over their data?