What is the California Consumer Privacy Act?

by / Thursday, 16 May 2019 / News Category Business 2 Community

qimono / Pixabay

Societies are becoming more digitized. This makes collecting consumer data — such as name, age, and email address — a vital element for businesses. Potentially adding to the stress is the California Consumer Privacy Act (CCPA) which comes into effect on January 1st, 2020.

The CCPA’s goal is to give customers more information and control over how their personal information is being used. It will apply to businesses that target California residents and California-based customers (basically, anyone who pays taxes to the State of California).

The CCPA requires businesses to get consent before collecting customers’ personal information. Business must disclose the following before or at the time of collecting customer data:

  • The type of personal information you seek to collect
  • The source or medium used to collect personal information
  • The purpose of collecting and selling personal information
  • The type of third-parties that will receive personal information

Upon customer’s request, businesses must share this information along with the customer’s personal data. Businesses must also delete customers’ personal information upon request in most situations.

Another important clause is that businesses must offer a “Do Not Sell My Personal Information,” opt-out choice. For customers under age 16, this has to be an opt-in choice. Furthermore, businesses can not discriminate against customers based on their personal information.

The CCPA requires businesses to be transparent in how they handle customer’s personal information. Failure to comply can lead to a fine up to $2500 per violation or $7500 if the violation was intentional. Additionally, infringing the CCPA can damage a business’ brand. Consequently, being aware of the CCPA is crucial for your business’ success.

What similarities does this have with GDPR?

Both the CCPA and GDPR are similar because businesses must be transparent. Businesses must disclose the following to their customers:

  • Which personal information is being collected.
  • How personal information is being collected.
  • Which third-parties will have access to personal information.

They are also alike in that these regulations apply to businesses outside of the EU and California. However, they are different in that the GDPR is more broad while the CCPA narrowly focuses on privacy rights.

The GDPR focuses more with how personal information is processed. It regulates disclosures that need to be made (like the CCPA). It also addresses particular procedures, like how businesses should handle a data breach (unlike the CCPA).

Under the GDPR (and not the CCPA), businesses must seek consent before making automatic decisions based on personal information.

The GDPR focuses on comprehensive privacy and security practices. Meanwhile, the CCPA emphasizes on maintaining customer’s consent.

Nonetheless, it is important your business carefully examine both laws. While the GDPR can appear more extensive, following the GDPR will not lead to complying the CCPA. For example, the GDPR asks for an opt-in privacy option while the CCPA requires an opt-out. LoginRadius’ experience with handling global regulations and can ensure your business complies to various data-related mandates.

What steps do businesses need to take to get ready?

Preparing to follow the CCPA can feel overwhelming. In fact, almost half of 250 surveyed American companies haven’t started with implementing appropriate privacy policies (TrustArc, 2019). We grouped together key points of the CCPA into few steps to help you and your business prepare for the CCPA.

First, make sure your organization’s decision makers and key individuals are aware of the CCPA. They should be attentive to the following:

  • What the CCPA is
  • When the CCPA comes into effect (January 1st, 2020)
  • How it changes existing business practices

Next, document and organize your existing customers’ personal information. It is important your business knows this:

  • Which personal information is being collected
  • How personal information is being collected
  • Why personal information is being collected
  • Where personal information is being stored
  • Who the personal information is being shared with

This will help you set-up an efficient system for information retrieval at your customers’ request. If you don’t already, consider having a Data Protection Officer or a Data Protection Team to handle these requests.

It is also important you review your privacy policy and ensure it complies with the CCPA. Importantly, make sure it doesn’t conflict with the GDPR regulations.

For those directly interact with customers, you should consider training them on your privacy policies and procedures. This can help with creating a smoother experience for your customers and more efficiency within your team.

Despite CCPA may feel like a burden on your business, you should also recognize it as an opportunity. Privacy is valuable to customers. Therefore, successfully implementing the CCPA requirements on-time can give a leading edge to your brand that adds to your business’ success.


The GDPR and CCPA are just the beginning of digital privacy laws. So, you should prepare to thrive during this international trend.

The CCPA applies to businesses that target California-based customers. Unlike the GDPR, the CCPA is more focused on giving customers disclosure and seeking consent to collect and use their personal information.

Read more on Business 2 Community 

Related News
Many industries felt the impact of our recent financial crisis, including automotive. Traditionally an integral part of our economy and culture, car sales in once strong markets are in decline ...
European privacy regulators gathered to discuss the growing public outcry over how governments and tech giants gather and use people's data. Source:: European Privacy Debate on Display in Paris
Never reported: Torontonian uses big data and privacy expertise to create anonymous index of sexual assault
Lauren Reid has a unique contribution to the ongoing conversation about unreported rapes and the climate for addressing sexual assault claims.Raped three times — once in high school and twice ...
MIDDLETOWN, Calif. (AP) — Two of California's fastest-burning wildfires in decades overtook several Northern California towns, killing at least one person and destroying hundreds of homes and businesses and sending ...
422737 / PixabaySince pulling the plug on Google +, Google has been putting more effort and focus into providing businesses with more options to maximize their exposure through its platform.Google ...
rawpixel / PixabayAttracting new customers while retaining current ones can be a challenge for even the most established businesses. Luckily, there are resources available to help market your business, meet ...
The embattled subprime mortgage servicer agreed to pay $2.5 million in penalties and pay for a third-party auditor to ensure that the firm complies with regulators' requests for information. Source:: ...
The availability of customer data provides endless opportunities for businesses. Businesses can use customer data to amplify their marketing efforts, better understand their customers, hit targets, and grow their business.The ...
Vroooom! 3 Ways Consumer Marketers Can Accelerate Growth
European Privacy Debate on Display in Paris
Never reported: Torontonian uses big data and privacy
Northern California fire destroys 400 homes, businesses
The Benefits of Google My Business
3 Things Your Small Business Needs to Grow
Ocwen Reaches Settlement With California Regulator
Lacking a Data Strategy That Makes Sense?
Share Button

Leave a Reply