CCPA compliance

What does the CCPA do?

The main goal of the CCPA is to improve the security and protection of an individual’s personal information. The CCPA offers consumers:

Ownership

California residents have the right to know what has been collected about them or their children, including any activity or data gleaned from their devices, and they have the right to tell businesses not to share or sell that information.

Once a year, businesses are required to inform people of what categories of information they have collected about them, their devices or their children. If that information is sold, they also have to let people know what categories of information were sold and to whom.

Control

California residents have the right to control what personal information is collected.

Consumers can have their personal information deleted from a business’ servers under specific circumstances. If a consumer tells a business not to share or sell their private information, the business cannot charge more or deny access to services. Businesses must prominently display a “Do not sell my data” link where consumers can opt out.

Security

Businesses are required to implement “reasonable security measures” to protect the personal information of California residents. If a breach does occur, businesses must file a report immediately. Businesses that do not adequately secure personal information will be subject to stiff fines and other penalties.

The CCPA applies to any organization worldwide doing business in California and exceeding annual gross revenues of $25 million, holding personal information of 50,000 or more California residents, or receiving 50% or more annual revenues from selling California residents’ personal information.