California Consumer Privacy Act (CCPA): What you need to know to be compliant


In late June 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law doesn’t have some of GDPR’s most onerous requirements, such as the narrow 72-hour window in which a company must report a breach. In other respects, however, it goes even further.

The California Consumer Privacy Act (CCPA) takes a broader view than the GDPR of what constitutes private data. The challenge for security, then, is to locate and secure that private data.

What is the CCPA?

AB 375 allows any California consumer to demand to see all the information a company has saved on them, as well as a full list of all the third parties that data is shared with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.

Which companies does the CCPA affect?

All companies that serve California residents and have at least $25 million in annual revenue must comply with the law. In addition, companies of any size that have personal data on at least 50,000 people, or that collect more than half of their revenues from the sale of personal data, also fall under the law. Companies don’t have to be based in California or have a physical presence there to fall under the law. They don’t even have to be based in the United States.

An amendment made in April exempts “insurance institutions, agents, and support organizations” as they are already subject to similar regulations under California’s Insurance Information and Privacy Protection Act (IIPPA).

When does my company need to comply with the CCPA?

The law goes into effect on January 1, 2020. As a practical matter, companies need to have their data tracking systems in place by the start of 2019, since the law gives consumers the right to request all the data a company has collected on them over the previous 12 months. That’s a very tight timeframe.


