In a world fueled by data, we’re witnessing copious breaches, now more than ever.
One example is Facebook’s breach of 50 million accounts in 2018. Shortly afterward, Facebook made the news again when 540 million user records were exposed on Amazon cloud servers.
Unfortunately, data breaches are not limited to one industry.
The infamous Equifax breach of 2017 compromised the personal information of 147 million Americans.
According to a recent study, nearly half (49%) of Americans believe that their personal information is less secure than it was five years ago.
To give consumers more authority over their personal information, the state is implementing the California Consumer Privacy Act (CCPA), which is set to take effect on January 1, 2020, with enforcement commencing July 1, 2020.
What is the CCPA?
AB 375 enables any California consumer to demand to view all the information a business has saved on them, including a full list of all the third parties that data is shared with. In addition, the California law permits consumers to sue companies if the privacy guidelines are violated, even if there is no breach.
If your business operates in California or has customers (or potential customers) in California, then the law affects your business too.
The criteria that determine whether you must comply are:
- Your annual gross revenue is more than $25 million.
- Your organization holds, shares, or sells personal information of more than 50,000 individuals.
- Your company earns 50% or more of its annual revenue from selling personal information of consumers.
Several states are using the CCPA as a template to draw up their own laws. It’s just a matter of time before privacy regulations affect your business.
How does the CCPA define “personal information?”
The CCPA’s definition of personal information includes (but is not limited to):
- Audio, electronic, visual, thermal, olfactory, or related information
- Biometric data
- Properties of protected classifications under California or federal law
- Commercial information (e.g., personal property records, purchasing history)
- Education information
- Geolocation data
- Internet activity (e.g., browsing and search history, web tracking data)
- IP addresses
- Professional and employment information
- Inferences drawn from any of the information contained in the definition
What happens if my business is not in compliance with the CCPA?
Businesses and firms have 30 days to comply with the law once regulators inform them of a violation. If the issue isn’t resolved, there’s a fine of up to $7,500 per record.
For the first time, the bill provides for an individual’s right to sue, and it also allows class-action lawsuits for further damages.
Again, there’s a 30-day window that starts when consumers give a business written notice that they believe their privacy rights have been violated. If it’s not resolved, and the attorney general declines to prosecute, then they can bring a class-action suit. And it’s not just about breaches.
The law states that businesses must have a well-defined, visible footer on websites giving consumers the option to opt out of data sharing. If that footer is missing, consumers can sue. They can also sue if they can’t find out how their information has been gathered or get copies of that information.
The law also attaches specific penalties should unauthorized access occur, whether through a breach, theft, exfiltration, or “disclosure as a consequence of the business’ violation of the duty to execute and maintain appropriate security methods and practices.” As currently written, AB 375 allows for penalties of $100 to $750 per consumer per incident, or actual damages, whichever is greater.
If you add in all the other breach-related costs (IT response, forensics and recovery, legal, notification, and so on), this could push “merely a breach” into the sphere of an existential threat to many businesses and may cost your business millions of dollars.
Giving consumers power over their data
The CCPA will empower individuals to take a more active role in monitoring and protecting their personal information. Although the regulation is composed of intricate data safeguards, consumer rights can be classified into five high-level categories:
- Businesses must notify consumers of their intention to obtain personal information.
- Consumers have the right to know the personal information an organization has assembled, where the data came from, how it will be used, and with whom it’s shared.
- Consumers have the right to restrict businesses from selling their personal information to third parties.
- Consumers can request that businesses delete the personal information that the business has on them.
- Businesses are banned from charging consumers different prices or denying service, even if the consumer exercised their privacy rights.
Businesses will benefit, too
Consumers wish to do business with firms that guard their data privacy. As a compliant organization, you’ll be able to market your adherence, which in turn can help increase sales and customer loyalty.
Not to be discounted is the personal information you collect. You’ll know exactly where the information came from and have better control over its efficiency, enabling you to really know your customers and develop your marketing strategies.
Businesses today need to take a close look at their data-governance capabilities and methods. And for many, CCPA compliance will compel them to make necessary changes. By implementing regulation-monitoring procedures, you can ensure your business continues to function smoothly in the long run.
OnlyB2B in compliance with the CCPA
We at OnlyB2B adhere to the GDPR (General Data Protection Regulation) guidelines.
We have an army of skilled and well-equipped experts and top-notch technology to safeguard your data from any kind of infringement. Our policies are well articulated and in accordance with the CCPA.
A professional relationship with us will ensure that your data remains safe as you continue to earn your customers’ trust and flourish both ways.
Get in touch with us to know more.