Data is one of the most vital assets that a company can have. The advent of the data economy has seen companies adopt various ways to collect, use, and share consumer data. When handling this asset, companies must adhere to data protection and data privacy regulations. If you run a California-based business or happen to have a customer base in the state, you should familiarize yourself with the California Consumer Privacy Act (CCPA).
What is the CCPA?
The California Consumer Privacy Act is a law intended to improve consumer protection as well as privacy rights for residents of California. It is the first consumer privacy act in the country offering GDPR-like protections.
How Will It Impact California?
The CCPA applies to for-profit businesses that:
- Do business in California
- Handle the personal data of California residents
- Have California-based employees
- Make at least $25 million in annual revenue
- Earn over 50 percent of revenue from selling consumer data
- Hold or process the personal information of at least 50,000 devices, households, or consumers
Businesses that fit the above criteria must comply with all provisions outlined in the final version of the CCPA when it comes into effect.
So, what happens if a company is not in compliance with the CCPA? Violators and non-compliant parties not only put their business reputation on the line, they also face penalties. Any party found guilty of non-compliance or of violating the CCPA will face one of the following:
- Private enforcement
Under the CCPA, consumers will have the right of action to sue businesses that sell their data without their consent. In such an event, the sued business will be obligated to pay the actual damages. If the actual damages are less than $1,000, the business may be required to pay at least $1,000 and not more than $3,000.
- Consumer enforcement
In the event of a data breach, non-compliant or violating businesses will be obligated to pay the actual damages. If the actual damages are less than $100, the non-compliant business will be obligated to pay anywhere from $100 to $750 per incident.
- Government enforcement
California’s Attorney General can file a civil case against businesses that have not complied with the CCPA guidelines within 30 days of being notified of their non-compliance. Businesses that do not comply within 30 days of the notification will be liable to pay fines of up to $7,500 per violation.
Although the CCPA penalties for non-compliance are not as steep as the GDPR’s, significant data breaches involving thousands of consumers could carry a heavy price for any business. For instance, if a business violates the rights of 20,000 customers, penalties for non-compliance would be $750 multiplied by 20,000, which is equivalent to a staggering $15,000,000 in non-compliance penalties.