Glossary of Compliance

Our curated compliance glossary offers everything you need to know about compliance in one place.

California Consumer Privacy Act (CCPA)

Enacted in 2018, and going into effect on January 1, 2020, the California Consumer Privacy Act (CCPA) is one of the most comprehensive consumer data protection laws in the US. By offering Californians more control over their personal data, it seeks to strengthen their privacy rights and safeguards.

Californian customers have various important rights regarding their personal data under the CCPA. People have the right to know what information is being collected about them, why it is being collected, and what details are being gathered. Additionally, they can find out who their data is being disclosed or sold to. They also have the option to refuse the sale of their personal data.

Customers also have the right to access their personal data that is held by businesses and can request that their data be removed from those records. Crucially, the CCPA makes sure that exercising these rights doesn’t lead to unfair treatment in the form of price differentials or denial of goods or services.

For-profit businesses operating in California that fulfill specific requirements are subject to the law. It covers, among other things, firms that handle the personal data of at least 50,000 individuals, households, or devices; organizations whose yearly gross revenues surpass $25 million; and companies whose primary source of income is the sale of personal data.

The CCPA provides a broad definition of personal information. Besides the more conventional identifiers like names and addresses, it also includes internet identifiers like browsing history, biometric information, and conclusions derived from different kinds of personal data.

In order to protect customer data, organizations must implement and uphold acceptable security procedures. Additionally, companies must provide clear and accessible mechanisms for consumers to exercise their rights, including a prominent “Do Not Sell My Personal Information” option on their website.
