California Consumer Privacy Act
There’s a market for your personal data. Companies collect, use, and sell this data daily. Whether it’s information you’re willingly sharing with a service or something that has been data-mined, it’s out there.
Legislators are starting to realize there’s a real need for oversight (thanks, Mr. Zuckerberg), and there have been efforts across the globe to control what companies can collect and use. The California Consumer Privacy Act is the first major US legislation to take action, but this means that certain businesses will need to seriously look at the way they’re collecting and using user data.
Wait – why did you decide to write about this bill that’s over 2 years old? Didn’t you guys just do a blog on GDPR?
Well, I am, and yes, we did. But you shouldn’t really compare these things. California’s Consumer Privacy Act isn’t some looming specter from across the pond, but a very real set of regulations that will be enforced starting July 1, 2020. And guess what – this doesn’t only apply to California and Californians. If you get traffic from The Golden State and meet the conditions detailed in this blog, you need to be compliant.
CCPA, GDPR… OMG
You may be dizzy with initialisms and thinking “Oh great, one more thing to worry about for my website.” Some welcome news would be that these two rulings are not all that different from each other. In some ways, CCPA is more relaxed than GDPR, but in other ways it takes the European framework and runs with it. If you’re complying with GDPR standards, chances are you’re most of the way to compliance with the new California Consumer Privacy Act.
But wait! This only applies to certain companies. There are a few different ways you can determine if this applies to you or not:
Does your company make over $25 Million a year? Probably not? Okay, check!
Does your company collect private data, via marketing means or otherwise, and do you have data on 50,000 unique individuals? Do you buy the data of an equal number of users? Probably not? Okay, check there too!
But wait, does your company sell this data, and do those sales account for half of your annual revenue? No? Great! You’re safe and can completely disregard this blog.
If you answered ‘yes’ to any of the above conditions, you must be compliant. But what does compliance mean?
CCPA & U
If your company earns $26 Million annually and you collect the data of 50,001 individuals, you should already be making attempts to comply with the new standards.
Ideally, a system should be implemented by which you can track the flow of your user data: how is it submitted, what are you collecting, and how is it being used/who is it being sold to? Part of compliance is having this data and sharing it with users who ask for it. Should you be misusing the data or not complying, prepare to be subject to civilian and government lawsuits.
Want to be sure you’re completely compliant? All the legal jargon can be found right here.
Chances are your business does not meet the conditions for compliance. While you may be exhaling a sigh of relief right now, you shouldn’t be completely unaware of this act and the implications that come along with it. This is the US’s first major foray into data protection, and likely will be followed with similar legislation. It’s always a good idea to make a goodwill effort in these areas, along with Disability Compliance and GDPR compliance.
In the meantime, if you need some marketing how-to’s, check out our Digital Toolbox platform and sign up for a free handyman account. Looking forward to seeing you there!
Does my business need to comply with CCPA?
If your company grosses $25 Million or more, gets half its income from selling user data, or collects data on 50K+ users, you need to comply.
This content is brought to you by Roundpeg, an Indianapolis marketing strategy company.