How CCPA Will (California Consumer Protection Act) Impact Business and Companies?
We all deserve data privacy. Our personal information is on the line and we require privacy laws to maintain their safety and integrity. After all, the steady stream of information regarding ransomware, malware, and data breaches is enough to give developers, marketers, and businesses sleepless nights.
To combat the situation, governmental regulations are being enacted to safeguard data privacy and penalize organizations that fail to comply, intentionally or unintentionally. The most recent among these regulations is the 2018 California Consumer Privacy Act (CCPA), which aims to protect sensitive consumer data from 2020 onward.
Although it shares various rights with the EU’s GDPR – such as the right of access to data, the right to be forgotten, and the right of portability – you still need to understand how CCPA will affect your business. It’s all set to be implemented from 1 Jan 2020, so the need to understand it is urgent. Find more details below:
Why CCPA Matters?
Under CCPA, residents and employees of California can now:
- Request deletion of personal details, opt-out of the sale of personal information, know whether their personal information was disclosed or sold, and find out which categories of their personal details have been collected.
- Receive equal price and service, even when exercising privacy rights.
According to the CCPA, personal information broadly includes various categories that identify a person indirectly, such as aliases, social security numbers, search and Internet browsing history, credit card information, unique personal identifiers, geolocation data, email addresses, and others.
Impact of CCPA on Your Business
Companies must now take stock of what constitutes private data and find and secure this kind of data, going as far as to police their vendors so that they remain compliant with the new rights.
The CCPA law will cover every company with a minimum annual revenue of $25 million that deals with California consumers. It does not matter if the business is located in a state different than California or abroad. Plus, any business that collects the personal data of a minimum of 50,000 consumers or collects over half their revenue from the sale of personal data will be covered by this regulation.
California permits businesses to offer financial incentives to users who share personal data, but they need to opt-in beforehand. Like GDPR, CCPA helps companies offer a reasonable protection level for personal information. Businesses now need to explain how they plan on using customer information and explicitly request permission before collecting and processing it.
For protecting the personal details of users, companies must know what data they have, how it’s processed, and where it resides. This enables them to set up suitable security measures that are compliant with the new regulations.
Impact on Businesses Affected by the Law
Most existing privacy laws in the US are optimized to meet the requirements of certain sectors or industries. Unlike past privacy laws, CCPA is applicable to nearly every industry, with barring a few exceptions.
Owing to the quick approval process for this set of laws, the California legislature decided not to take into account the complaints of various companies that the CCPA will affect. For that reason, the CCPA is likely to undergo regular updates to accommodate different industries that were left out of the original act. More research must be done to make the law perfect.
Greater Cost to Small Businesses
Like the oversight of different industries, the CCPA hurriedly excluded numerous small companies from very general requirements. As the current definition of business stands, the CCPA law is likely to affect most small businesses in an adverse way.
While 50,000 might look like a huge number initially, when you divide it by 365, you’re left with fewer than 150 users each day. Also, consider the ambiguity of this statement since it applies not just to customers but even to devices or households.
Due to the confusing definitions surrounding this act, the CCPA is going to sweep in a lot more business than expected. This indicates what’s to come later on. GDPR was just the beginning of the future. And greater regulatory compliance will start suffocating the company.
Consumers will become the ultimate victims. Their costs will go up and jobs will be lost, resulting in greater economic impact albeit a negative one. That’s why it all boils down to the balance between regulation and protection and too much of it.
A lot of small businesses will fail to gather the funds necessary to pay off the expenses related to the new law and must choose between not sticking to the law or dismissing the organization from the market.
The majority of small businesses interconnect with larger or other small companies to recoup their profits. Unfortunately, only a couple of businesses can be considered CCPA compliant now. Many have yet to begin the compliance process while most are in different stages.
The Problem with Vague Laws
Numerous businesses in California recently had to spend money forcibly on GDPR compliance. Due to the absence of application and thought, the variations between GDPR and CCPA will impose a new round of expenses to companies just overcoming the burden of GDPR compliance.
Even more frustrating is the fact that if businesses are GDPR compliant, implementing further changes will probably put the privacy of California customers at risk. Thus, making the two laws harmonious with one another by the legislature can go a long way in helping businesses.
A lot of work still remains to get businesses ready for the CCPA deadline. However, streamlining the data collected by a company, along with the storage and processing methods can go a long way in making the system more efficient. Companies should only collect the necessary pieces of PII to perform the services and limit the resources and time spent on storing the entirety of it.
If your business has to know what must be done for its IT systems to meet the requirements of CCPA, FileCloud is your best bet. Apart from risk assessment and review, FileCloud also assesses your existing data protection methods and policies. This helps you implement long-term security and privacy plan.
Companies and businesses should realize by now how extensive the impact of CCPA will be. They should start preparing right away to become compliant. Otherwise, they risk damaging their reputation, lawsuits, fines, and the loss of customers. Compliance will bring more customer value to the company.
Author: Rahul Sharma