How CCPA will Impact your Business & Privacy Operations
Have you managed to check-out the footer of the business websites of late? If you have seen the buttons such as “Opt-out form” or “Don’t Sell My Personal Information” at the bottom of the business websites, then you probably already have an idea about what CCPA is.
Stepping into 2020, you may be baffled by the question, “How CCPA will impact your business & privacy operations?”
What is CCPA?
CCPA stands for the California Consumer Privacy Act 2018 & is an act introduced by Ed Chau, to improve the methods of safeguarding the personal data of the customers residing in California (U.S.A). The bill became legally abiding on 28 June 2018 & was officially called AB-375.
How Businesses can Gear-up for CCPA
To understand how CCPA will impact your business, you need to first understand the scope of CCPA & the right it entitles to the customers who are the residents of California.
CCPA defines data in section 1798.140(o)(1) & accordingly the businesses need to do tweaks in their privacy policies & reporting processes based on the inferences drawn from data or when personal data is combined with other data.
Businesses need to determine differences between household data & individual data. Suppose a hypothetic scenario wherein a husband & wife share a joint account on a movie sharing service. In such scenarios, businesses will need to introspect whether they need to record their behavior as individuals or as a group.
The bill guarantees the customers the following rights regarding their personal data & businesses need to upgrade the operational under tummies to ensure that the same are guaranteed to all their customers who are residents of California & who wish to exercise any of the following rights that they are entitled to under CCPA:
- Right to know what personal data is collected by the businesses & how it is being used
- Right to deny the sale of their personal information
- Right to delete their personal data at will
- Right to be informed of any changes in the range of personal data collected & to be informed of the categories of personal data collected
- Right to the children under the age of 16 years to authorize for themselves to opt-in before the sale of their personal information (PI) & right to the parents of children below the age of 13 years to provide consent on the behalf of their children for the processing of their personal data
- Right to know the details & categories of third-parties with whom the personal data is being shared
- Right to comprehend the business or commercial purpose behind the data collection
- Right to lawful actions if the companies breach personal data
- Right to non-discrimination is the right under the section 1798.120 of CCPA that obliges the businesses not to discriminate against its customers who are residents of California just because they want to exercise the rights they are entitled to under CCPA
- Identifiers:
- Customer records information:
- The protected classifications under California or federal law:
- Commercial Information:
- Biometric Information:
- Information collected from the Internet of Things & other Electronic Activity:
- Electrical, olfactory, audio, visual, thermal or similar information:
- Professional or employment details:
- Educational Background:
- Inferences:
- Has an annual revenue exceeding $25 million
- Is Involved in buying or selling of personal information of 50,000 or more customers or households; or
- Is Earning more than 50% of its annual revenue from selling customers’ personal data
- Reciprocations to the Access Requests:
- Review those Third-party Agreements:
- Change your Conventional Ways of Communication with Customers:
- Businesses need to inform the customers about the collection of their personal data & about the category of personal data is collected
- Under the specific right to opt-out of the sale of personal information, businesses must include a “Don’t Sell My Personal Information” link on their home page.
- Businesses need to publicly share the list of categories of personal information collected by them & need to update the information every 12 months.
- Customers must be provided with at least two methods for submitting requests for disclosure with at least a toll-free number & electronic mode of form submission highlighted on the website.