The California Consumer Privacy Act (CCPA) officially went into effect on January 1st, 2020.
The CCPA is seen as a counterpart to the General Data Protection Regulation (GDPR) that was passed by the European Union and went into effect in the spring of 2019. CCPA allows any California resident to view any and all data that a company has saved about them. This includes any location information, products purchased, browsing history, employment history, and education information.
The law also grants individuals the right to see a list of any third parties that the saved information has been shared with. It also provides a pathway for a consumer to sue a company if privacy guidelines are breached.
The law applies to any company that serves California residents and has an annual revenue of over $25 million. It also applies to any company that has personal data stored for more than 50,000 individuals and any companies that attribute over half their revenue from the sale of data collected from consumers.
Companies do not need to be based or have a physical presence in California to be affected by the CCPA. The international nature of online commerce essentially makes the CCPA a national law.
Any businesses that are affected by the law were expected to have data tracking services operational by January 1st, 2020. As the law allows customers to request a full year’s worth data collection, those data tracking tools should extend at least into 2019. If a violation is reported, a company will have 30 days to resolve the issue or a $7,500 fine will be incurred. The law also allows for penalties to be paid to individuals affected by any violations.