CCPA will change the legal landscape with consumers’ electronic data.
Remember the European Union’s General Data Protection Regulation? It created new rules for companies doing business there in how they protect consumers’ personal electronic data.
In less than a year, the issue will hit American shores via the West Coast.
The California Consumer Privacy Act takes effect in January 2020. Though it’s not a federal regulation, California is one of the country’s wealthiest and most populous states. If you’re involved in interstate commerce, there’s a good chance CCPA will impact your business in some form.
Similar to Europe’s GDPR, the California law puts in place new data protection for any entity that does business in the state, provided they meet at least one of three conditions:
- They have at least $25 million in annual revenue
- They handle personal information of at least 50,000 consumers
- They get at least half their revenue from selling consumers’ personal information
CCPA is already causing heartburn. Consider that second requirement, for example. Do you own an email list with 50,000 addresses? If one of those recipients is in California, you could be subject to the new law regardless of your revenue or product.
In the case of GDPR, larger brands began shifting responsibilities to their partners in anticipation of supply-chain problems. Experts point out that in several aspects, CCPA is even more aggressive than its European counterpart.
CCPA seeks to put consumers firmly in charge of how their personal data is collected electronically and what happens when it does. Companies must tell consumers about the kind of information they collect, and they’re not allowed to collect any other data.
Consumers can ask companies about the kind of data they have, how they got it, how they intend to use it and whether it’s been shared with other entities.
In cases where companies disclose personal data in the course of doing business ‒ and that includes advertising and marketing ‒ consumers can ask for their data to be deleted.
There are opt-out provisions, as well as opt-in rules for children. And companies can’t retaliate with higher prices or cheaper products when customers exercise their rights under CCPA.
There is a small grace period. The rules become law next January, though regulators reportedly won’t start enforcing it until June. Noncompliance will be expensive. Experts say that, depending on a few variables, each violation can cost higher than $7,000.
If you haven’t examined the fallout of CCPA, or if you’ve just begun, call Zehnder. Our teams can help map out the law’s potential impact and make many of the changes to put you in compliance, especially with online technology.
Contact Laura Gould at firstname.lastname@example.org or (615) 349-9602, and put the power of Zehnder to work in protecting your brand.