How the California Consumer Privacy Act Affects Your Business (Even If You’re Not in California) | KnowledgeCity Skip to content
KnowledgeCity

By KnowledgeCity

How the California Consumer Privacy Act Affects Your Business (Even If You’re Not in California)

Business 6 min read

Time seems to be speeding up these days, and even with calendar notifications popping up every two seconds, things tend to fall through the cracks more than we’d like. For instance, are you up-to-date with the General Data Protection Regulation (GDPR)? It went into effect last year. And what about the California Consumer Privacy Act (CCPA), which went into effect as of January 1, 2020? 

Even if you were aware of them, they’re brand-new regulations so it’s understandable if you haven’t gotten caught up. But not to worry – we’re going to dive into the CCPA today and explore how you can ensure your company stays in compliance.  

Confident mature businesswoman with glasses, holding papers and sitting by laptops in a modern office.

What Is the CCPA?

The CCPA is a piece of California legislation designed to give California citizens stronger data privacy rights than any other state. Initially enacted in 2018, with changes going into effect in 2020, the law protects consumer rights regarding access to, deletion of and sharing of personal information collected by businesses. 

Similar to Europe’s General Data Protection Regulation (GDPR), the CCPA protects consumers’ major rights when it comes to online data and commerce. As of January 1, 2020, these are the protections set in place under the CCPA:

  • Right to notice: Businesses are required to notify customers what type of personal information they collect and the purpose for which it is used.
  • Right to access: Consumers have the right to access their personal information. Consumers also have the right to request that an organization disclose what information has been collected, where the information came from and the purpose of collecting the information. 
  • Right to opt out: Consumers have the right to opt out of having their personal information sold by businesses. Children between the ages of 13 and 16 must opt into having their personal information sold. Children under the age of 13 must have a parent or guardian consent to the use of that child’s private information.
  • Right to deletion: Consumers have the right to request that an organization delete their personal information. 
  • Right to equal services and prices: Companies are prohibited from discriminating against consumers based on private information gathered.

How the CCPA is Impacting Businesses

The CCPA has created new obligations for businesses, and it is important to fully understand how the CCPA can affect the way your organization does business. Here are several things that you should be aware of now:

  • All companies that serve California residents and have at least $25 million in annual revenue must comply with the CCPA. If your company does any business at all with individuals who live in the state of California, you must be compliant, even if your business is not located in the state.
  • Companies of any size or revenue that have personal data on at least 500,000 people and earn more than half of their revenue from selling personal data must also comply.
  • Companies need to comply as of January 1, 2020, but full enforcement of the law is not until July 2020.
  • Insurance institutions, agents and support organizations are exempt because their regulations are under a different California legislation.

When it comes to the deletion of information, you should always be ready to clear out any data upon request. However, this does not mean that you always have to comply when a request is made. An organization is allowed to deny a request for deletion of information if the information is needed to:

  • Identify or repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the rights of consumers to exercise free speech or exercise another right protected by law.
  • Engage in public or peer-reviewed scientific, historical or statistical research for public interest.
  • Comply with a legal obligation not otherwise mentioned.

How You Can Stay in Compliance with the CCPA

Staying in compliance with the CCPA isn’t difficult if your organization fully understands this law. Here are some ways your company can be in compliance with the CCPA: 

  • Provide notice to consumers that your organization is collecting data. Notifying customers can include updating privacy policies about the type of information that is collected and consumer rights.
  • Create procedures for responding to requests from consumers, including requests about what kind of data is collected, requests to opt out and requests to delete information. Organizations are required to have at least two ways for consumers to make these requests. When a request is made, organizations are required to verify that the consumer is who they say they are. Once verified, an organization has 45 days to provide the information requested by the consumer.
  • Ensure that all individuals who handle customers’ data know and understand all regulations.

If your organization is found in violation of any part of the CCPA, you will have 30 days after being notified to correct the problem and comply with the law. If any organization is found to have intentionally violated the CCPA, it can face a monetary penalty of up to $7,500 for each violation. Furthermore, the CCPA makes it allowable for a consumer to sue an organization if there was a breach in data security. Organizations could pay penalties of $100 to $750 per consumer per incident. 

Because other states are drafting similar regulatory laws, organizations can prepare themselves by following the CCPA and GDPR regulations. Nevada and Maine have already enacted their own regulations, and many more states have bills in progress

Understanding the Nuances

Although the CCPA is a somewhat revolutionary piece of legislation in the United States, with California being the first state to enact such a law, the concepts of the CCPA are not new. It is closely modeled after the GDPR, and with a vast amount of e-commerce being global in today’s world, most organizations are already on track to be in compliance with these sorts of data regulations. However, it’s crucial that you protect your business by understanding the nuances in these regulations and keeping your organization safely in compliance.

KnowledgeCity’s course “GDPR and CCPA” covers both of these sweeping regulatory laws in great detail so that you can make sure that your business is operating at its peak ability rather than being hindered by complex data regulation laws. The course explores what each regulation is, who must comply, how one can comply, as well as consumer rights. With these changes happening rapidly, it’s important to stay up-to-date with courses like these so that your organization does not fall out of compliance.

Keep Reading

Related articles

Safety

How Construction Incident Reports Surface the Training Gaps That Lead to Repeat Site Failures 

Key Takeaways Isolated incident reports satisfy OSHA recordkeeping but miss the pattern: a single fall or tie-off failure at one site cannot be connected to the…

KnowledgeCity11 min read
Learning and Development

What Happens When a University LMS Goes Down the Week Before Finals 

Key Takeaways Concurrent submission spikes, media uploads, and authentication requests arrive at three to five times a university LMS's baseline. Fixed-capacity infrastructure offers no elasticity for…

KnowledgeCity10 min read
Recruiting

The Promotion Decision Most Organizations Are Still Making Without Talent Assessment 

Key Takeaways Gallup's 2015 State of the American Manager found that "organizations fail to choose the candidate with the right talent for the manager job a…

KnowledgeCity11 min read

Everything your workforce needs, on one platform.

A quick walkthrough tailored to your team — learning, compliance, skills, and performance on one login.

What to expect in your demo:

Your goals & challenges

A focused conversation about your team’s goals and where training falls short today.

See it in action

A live demo of the course library, LMS, compliance, skills, and performance tools.

Pricing for your team

Straightforward pricing based on your team size and the solutions you choose.

Answers & next steps

Integrations, rollout, support — ask anything and leave with a clear plan.

Request your demo

Tell us about your goals and we’ll tailor the walkthrough to your team.

By requesting a demo, you agree to our Privacy Policy.