Just as businesses have recovered from preparing for the GDPR, a new law, the California Consumer Privacy Act (CCPA), threatens to impose severe fines, penalties, and prosecutions. This new regulation will affect businesses around the world, and will still apply over the course of the COVID-19 pandemic.
The new law, which went into effect on January 1st this year, has already caused a stir, and the consequences could be grave for offending businesses that deal with consumer information. Companies that do not prepare for the CCPA will find themselves faced with lawsuits and fines of up to $7,500 per violation.
This blog post will help your business prepare for the CCPA. It will highlight some of the actions you can take right now, and some of the tools you can use so that you do not have to face business-breaking fines and penalties.
What is the CCPA?
The California Consumer Privacy Act is a relatively new law that protects the privacy rights of consumers in California. However, like the GDPR, introduced a year and a half ago, the bill affects businesses located anywhere in the world.
The law allows these consumers to sue businesses if their personal information is compromised in any way, including a data breach.
According to the CCPA website, the act protects the following consumer rights:
- The right to know all data collected on them, including why it is acquired, before it is collected
- The right to refuse the sale of their information for any reason
- The right to request the deletion of their data
- The right to know of third parties with whom their data is shared, as well as those who acquired their data
- The private right of legal action against a company should a data breach occur
It’s important to note here that businesses can incur expensive penalties both through data breaches and through non-compliance with consumer requests. This means that organizations with no ill intentions may still find themselves financially liable.
What are the penalties of the CCPA?
A recent survey by a leading antivirus and security vendor polled 625 business owners and executives on the CCPA. The survey discovered that approximately 1 in 3 businesses was unsure whether they needed to change how they capture, store and process their data.
It’s also worth noting that 2018 was the second-most active year for data breaches, according to Risk Based Security, with over 5 billion records leaked. With these facts in mind, the CCPA has severe consequences for businesses that remain ignorant or unprepared.
If businesses do not respond within 45 days to consumer requests about their data, consumers can claim up to $750 per incident. After the 45 days are up, businesses have 30 days to prove that they have amended any violations and that no more will occur. If organizations do not or cannot prove this, they may face penalties of up to $7,500 per intentional violation.
Who is affected by the CCPA?
The same survey by the leading security vendor revealed that an alarming number of businesses (44.2%) had never even heard of the CCPA, and only 11.8% knew if the law applied to them.
The CCPA will apply to any business that meets any of the following criteria and collects or sells personal information from consumers in California – regardless of where the company is located:
- earns $25 million in revenue per year
- sells 50,000 consumer records per year
- derives 50% of its annual revenue from selling personal information
To put this into perspective, QuickBooks has investigated the average revenue of businesses by employee size. In 2007 the only businesses that fell within this range were organizations consisting of 100 – 500 employees, which earned $40,775,000 in revenue on average. Taking inflation into account, this would equate to $50,968,750 today.
However, it’s important to note that the revenue requirement is not the only criterion that could be satisfied. Businesses that earn under this amount but either sell at least 50,000 consumer records per year or derive 50% of their annual revenue from selling data are still affected.
What can I do to prepare for the CCPA?
The best way to prepare for the CCPA is to re-evaluate how you deal with acquiring, securing and using consumer data. Beyond this, businesses should be prepared to listen to and honor consumer requests regarding their data and strive to be as transparent as possible.
The CCPA is only one of 14 similar laws across the US, with more being planned. However, each of these data protection laws centers on the issues of security, transparency, and honesty. By covering these aspects, you will ensure that you’re able to stay compliant and in business.
One of the highest risks beyond the direct actions of businesses is data security. According to Security Magazine, 61% of firms suffered a cyber-attack in the past year, up from 41% the year prior. The median costs for losses associated with cyber incidents shot up from $229,000 to $369,000, according to the 2019 Hiscox Cyber Readiness Report.
The fact is, cybercrime is on the rise in a major way, and you need to prepare for it if you want to avoid loss from the crime itself, as well as action under the CCPA.
Fastman Permissions Manager is one of the best ways you can secure your ECM information and data, giving you complete security and control over one of the highest risks of violation for the CCPA.
Educate yourself on security
Fastman will be hosting a live webinar on March 26th, at 1 pm EDT, covering information security and control. Building upon the extensive capabilities of OpenText Content Suite and Extended ECM, Permissions Manager applies additional layers of control and compliance in line with critical needs such as security, privacy, and access control.
With CCPA, GDPR and ISO 27001 coming into play and showing no sign of slowing down around the world, it is an ideal opportunity to educate yourself and prepare your company. Sign up today and prepare for the future, or contact Fastman to find more information security solutions for your firm.