![\"\"](\"http:\/\/intersticeconsulting.com\/ibtt\/wp-content\/uploads\/2018\/07\/Privacy-act-of-2018-300x169.jpg\")
<\/p>\n<\/p>\n
Just when you thought you could catch your breath, California, on June 28, 2018, enacted the strictest data privacy law in the United States\u2014the California Consumer Privacy Act (\u201cCCPA\u201d). With striking resemblances to the GDPR, the new law will carry with it broad implications for businesses providing services to, or collecting data from, California consumers. By passing the bill, the California legislature secured time to review and amend the law before it becomes effective on January 1, 2020. The ink is far from dry on the new bill, and it will be the center of heated debates before it slams the streets of California.<\/p>\n
The tab for non-compliance? Any business that intentionally violates the CCPA may be liable for a civil penalty of up to $7,500 per violation. To put that in context, Yahoo\u2019s 2016 data breach of over 500 million accounts would have amounted in a fine north of 100 billion dollars. Like the GDPR, the CCPA will require organizations to reassess how they are handling personal information, data retention policies, third-party processing contracts, and master privacy policies. To ensure compliance, businesses must take steps similar to those that the GDPR requires, such as data mapping, data inventory, gap analysis, and drafting new privacy policies and contracts.<\/p>\n
Like the GDPR, the CCPA will require organizations to reassess how they are handling personal information, data retention policies, third-party processing contracts, and master privacy policies. To ensure compliance, businesses must take steps similar to those that the GDPR requires, such as data mapping, data inventory, gap analysis, and drafting new privacy policies and contracts.<\/p>\n
California\u2014with its roughly 39.5 million people\u2014boasts the fifth largest economy in the world. Given that businesses across the globe contribute to California\u2019s growing economy, the CCPA sets the new standard of privacy for anyone transacting business in the United States. In the modern digital world, the CCPA, like its influential digital counterpart\u2014the GDPR, are here to stay and shift privacy rights back to the hands of consumers. Let us help you with this hurdle to CCPA compliance.<\/p>\n
See chart below for a comparison of the CCPA and the GDPR.<\/p>\n
| <\/td>\n | General Data Protection Regulation (GDPR)<\/td>\n | California Consumer Privacy Act 2018 (CCPA)<\/td>\n<\/tr>\n |
| The basis for consent<\/td>\n | Opt-in<\/td>\n | Opt-out<\/td>\n<\/tr>\n |
| To whom it applies<\/td>\n | Anyone processing or controlling the processing of personal data of individuals located in the EU.<\/td>\n | For-profit businesses that process personal data of CA residents and satisfy one or more of the following thresholds:<\/p>\n A)\u00a0\u00a0\u00a0 Have annual gross revenue of $25 million or more;<\/p>\n B)\u00a0\u00a0\u00a0 Collects, sells or shares for personal purposes the personal information of at least 50,000 consumers, households, or devices; or<\/p>\n C)\u00a0\u00a0\u00a0 Derives 50% or more of its annual revenues from selling consumers\u2019 personal information<\/p>\n <\/p>\n The law also applies to affiliated, cobranded entities of businesses that meet the above criteria, even if the affiliate doesn\u2019t do business in CA.<\/td>\n<\/tr>\n |
| Individual Rights<\/td>\n | 1.\u00a0\u00a0\u00a0\u00a0 Access<\/p>\n 2.\u00a0\u00a0\u00a0\u00a0 Rectification<\/p>\n 3.\u00a0\u00a0\u00a0\u00a0 Erasure<\/p>\n 4.\u00a0\u00a0\u00a0\u00a0 Restriction of processing<\/p>\n 5.\u00a0\u00a0\u00a0\u00a0 Object to processing<\/p>\n 6.\u00a0\u00a0\u00a0\u00a0 Data portability<\/p>\n 7.\u00a0\u00a0\u00a0\u00a0 Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal<\/p>\n <\/td>\n | 1.\u00a0\u00a0\u00a0\u00a0 The right to know all data collected by a business on you.<\/p>\n 2.\u00a0\u00a0\u00a0\u00a0 The right to know whether their personal information is sold or disclosed and to whom.<\/p>\n 3.\u00a0\u00a0\u00a0\u00a0 The right to say no to the sale of personal information.<\/p>\n 4.\u00a0\u00a0\u00a0\u00a0 The right to access their personal information.<\/p>\n 5.\u00a0\u00a0\u00a0\u00a0 The right to delete your data.<\/td>\n<\/tr>\n |
| When does it come into effect?<\/td>\n | May 25, 2018<\/td>\n | January 1, 2020<\/td>\n<\/tr>\n |
| Potential Fines<\/td>\n | Up to \u20ac20 million or up to 4% of the total worldwide annual turnover, whichever is higher.<\/td>\n | A civil penalty up to $7,500 per violation<\/p>\n <\/p>\n Private individual right up between $100 and $750 per consumer, per incident.<\/td>\n<\/tr>\n |
| Time allowed to respond to a request<\/td>\n | One month<\/td>\n | 45 days<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Just when you thought you could catch your breath, California, on June 28, 2018, enacted the strictest data privacy law in the United States\u2014the California Consumer Privacy Act (\u201cCCPA\u201d). With striking resemblances to the GDPR, the new law will carry with it broad implications for businesses providing services to, or collecting data from, California consumers. … Continue reading California Consumer Privacy Act (CCPA)\u2014Or should we say CDPR?<\/span> |