The CCPA is the California Consumer Privacy Act, a data privacy law introduced in 2018 and enacted in 2020. It protects some of Californians’ personal information and their rights to maintain some control over that information. The CCPA covers all California residents, which means that any businesses that are covered by the law and have customers in California must comply with it, even if the business is in another state or continent. All for-profit companies with gross revenue of $25 million are bound by the CCPA, as well as businesses with personal information on 50,000 customers.
The rights that the CCPA gives California residents are:
These regulations do have some exceptions, and only certain businesses are required to comply with them. For example, nonprofit organizations are not bound by CCPA, and neither are certain credit reporting agencies. California residents are also limited in the legal actions they can take when businesses don’t meet CCPA regulations. They may only sue in certain cases of data breach. The California attorney general can take action against a business that has run afoul of the law, but the California government website states that the attorney general does not directly represent residents or their complaints against businesses.
The CCPA – and businesses’ scramble to comply with its strictures – have highlighted the proliferation of personal data sales. While businesses rely on huge amounts of customer information to market products and manage customer relationships, privacy regulations remind consumers and businesses alike that using others’ data is a privilege, not a right. The California Privacy Rights Act (CPRA), part of the November 2020 ballot, would amend and strengthen the CCPA and give businesses around twelve to eighteen months to put it into place.