Compliance Glossary

CCPA, or California Consumer Privacy Act, is a set of compliance guidelines aimed at protecting data belonging to residents of the state of California. It came into effect on January 1, 2020, and is considered one of the most stringent privacy laws in the United States. It applies to all organizations, regardless of where the business is located, that:

• Process more than 100,000 personal data (B2B data included) of California citizens annually
• Have more than $25 million in revenue annually
• Earn more than 50% of revenue from selling California residents’ data

According to the CCPA guidelines, personal data can include details such as names, Social Security numbers, email addresses, birthdates, passport numbers, IP addresses, phone numbers, driver’s license numbers, residential addresses, and bank account details.

The CCPA protects the customers for their right to choose not to sell their data and the right of access and deletion of the data collected. Organizations that violate the CCPA may face fines of $7,500 per violation and $750 per user affected in civil damages.

The CCPA compliance requires an organization to have a process for responding to customer privacy rights exercise requests. In addition, businesses should collect less personal information except when it is absolutely necessary.

An inventory of all the data collected by an organization is set up, and customers are given notice of the collection of data. A data privacy policy is established, the employees are trained, and requests from customers are handled effectively.