What is CCPA?
The California Consumer Privacy Act (CCPA) gives California residents the right to view data a company collects about them, receive a copy of this data, find out whether the information has been sold or shared with another company and to say no to further sale of their data. Californians can also request that their data be deleted.
The CCPA covers names, usernames, passwords, phone numbers and physical addresses. In addition, the law applies to demographic (“graph”) data that characterizes you, like employment, race, religion, marital status, interests and hobbies, biometrics, browsing history and location data.
The law impacts businesses that make over $25 million in gross annual revenues or maintain personal information for 50,000-plus consumers, households and devices. Additional regulations apply to businesses that have collected data on 4 million or more consumers.
A brief history of CCPA
CCPA, which was enacted in 2018, is one of the most significant legislative privacy developments in the U.S. Its adoption reflects growing concerns about online privacy that were underscored by the passage of the EU’s General Data Protection Regulation (GDPR). Although there are significant differences between GDPR and CCPA both laws hold companies accountable for how they request, store and provide access to personal data.
What is the reach of CCPA?
CCPA applies to any company that does business in California. It has worldwide impact because California ranks as the fifth largest global economy. An early adopter, Illinois enacted the Biometric Information Privacy Act which guards against the unlawful collection and storing of biometric information in 2008. In 2019, Maine passed the Act to Protect the Privacy of Online Customer Information, and Nevada passed An Act relating to Internet Privacy. Other states have privacy initiatives in the planning stage. On the federal level, in the U.S. Congress and Senate have considered several bills that address online privacy.