It’s been over a year since the European Union’s General Data Protection Regulation (GDPR) policy went into effect. Now, California’s similar - but different - privacy law, called the California Consumer Privacy Act (CCPA) is set to go into effect on January 1, 2020. Here’s what you need to know.
What is the CCPA?
The CCPA is a law that, like the GDPR, is designed to give Californian consumers control over their own data. It applies to any business in California, and under this law Californians will be able to:
- access information that has been collected about them.
- request that the collected information be deleted.
- opt out.
What is the difference between the GDPR and the CCPA?
There are many differences between the GDPR and the CCPA. In general, the GDPR is broader in scope. However, one of the biggest differences of the CCPA broadly defines “personal information” in such a way that includes not just the consumer, but their household.
CCPA also states that you cannot discriminate against those who have exercised their right by charging them a different price or service.
How should I prepare for CCPA?
If your business is already GDPR-compliant, you have a good start on becoming CCPA-compliant but you should still ensure that there are no gaps - there are differences between the two laws and the penalties for violating CCPA are severe. At this point, you should:
- review your data collection practices
- make sure your data records are maintained. Although the law goes into effect in 2020, consumers in California have the right to access up to a full prior year of data if requested (so anything from January 1, 2019 on).
- review your privacy policies.
We have provided a brief overview of the California Consumer Privacy Act. For more information on and all the requirements of the CCPA, see the full text here.
The Team at Chatterton & Associates