What You Should Know About the California Consumer Privacy Act

Who’s following you around on the Internet? It might be a company like Amazon reminding you about a product you’ve been looking at on their website. Or it could be an ad from a financial firm that is targeted to people in your income bracket. Even charities and nonprofits get into the mix with requests for donations geared to our ages and interests. Our Internet searches and the information we share on social media have become fair game for organizations who want to use or sell personal data to make a profit.

However, the rules are starting to change. GDPR had a major impact on the privacy of Europe’s personal data and affected US companies who do business there. We began blogging and distributing educational material about GDPR even before the regulation went into effect. Now our attention is also on the California Consumer Privacy Act (CCPA). CCPA, which went into effect on January 1, 2020, and is an extremely significant US legislative privacy initiative. It has the potential for worldwide reach given the fact that California has the fifth largest global economy.

California is the first state to pass a law that brings control of personal data back into the hands of consumers. CCPA grants them the right to view the data a company has collected about them, receive a copy of their data, find out whether the information has been sold or shared with another company and to say no to further sale of their data.

Yahoo reports that “Small businesses aren’t affected under the CCPA, but businesses that make over $25 million in gross annual revenues or have personal info for 50,000-plus consumers are impacted. Extra regulations apply to businesses with the data for 4 million or more consumers. That means major retailers doing business in California such as Walmart, Amazon and Target will have to make adjustments to comply.”

CCPA makes data security more important than ever

 “GDPR and CCPA compliance are the boxes every modern business must be able to check off with confidence.” DocuWare President Dr. Michael Berger says. “Both rulings reflect the global trends that hold companies accountable for how they request, store and provide access to personal data, and should be taken seriously by any organization to which they apply.”

Although there are major differences between GDPR and CCPA each is geared to protecting an individual’s right to privacy.  DocuWare provides a technology infrastructure that is flexible enough to meet any emerging regulatory requirements. Our solution ensures that documents and data are captured, processed and stored securely and protected against misuse or loss. A robust rights structure enforces confidentiality by controlling which documents and data users can view, retrieve, edit, export, modify and delete. Because of our commitment to security and data privacy, DocuWare never sells or shares customer data.

According to PwC, these CCPA requirements will have the biggest business impact:

1. Data inventory and mapping of in-scope personal data and instances of “selling” data
2. New individual rights to data access and erasure
3. New individual right to opt-out of data selling
4. Updating service-level agreements with third-party data processors
5. Remediation of information security gaps and system vulnerabilities

cnet.com, a US media website that publishes reviews, articles, and blogs on technology, explains that CCPA covers names, usernames, passwords, phone numbers and physical addresses. It also covers biometric information like fingerprints or facial recognition data, browsing history and location information. In addition, the law regulates information used by companies to track online behavior, such as IP addresses and device identifiers and information that can be used to characterize you, like race, religion, or marital status.

Find out which companies buy and sell personal data

The California Privacy Directory provides a list of companies that you can ask to remove your data. To eliminate an administrative burden, many of these companies are allowing people from outside of California to make this request as well.

The signing of CCPA into law has had widespread influence across the US. Maine and Nevada have already passed their own privacy laws. About 12 other states have privacy initiatives in the planning stages as well. The federal government is not far behind as Congress members submitted several privacy bills in the wake of CCPA. The Senate Commerce Committee has already held hearings on two competing bills.

 “As we did for GDPR, DocuWare is preparing to provide our customers with the resources they need to understand and comply with CCPA and other privacy laws that may arise,” DocuWare Compliance Manager Catherina Schneider-Nissen explains.