How Will the New California Consumer Privacy Act Impact Canadians?
The California Consumer Privacy Act (CCPA), which came into effect on January 1, is the latest regulation shaking up the global tech and e-commerce space. Although the CCPA specifically protects the rights of California consumers with respect to the collection, use, and disclosure of personal information—its impact reaches far past state lines.
Similar to the European General Data Protection Regulation (GDPR), CCPA can apply to businesses outside of California that collect and use personal data on California consumers. Today we’re taking a deep dive to explore the true reach of the CCPA, how you may be impacted as a Canadian business or consumer, and next steps to consider moving towards compliance.
What is the scope of the CCPA?
Even if your business, or a business that you’re a consumer of, is not physically located in California, it only needs to meet one of the following criteria to be affected by the CCPA:
- The business has an annual gross revenue more than $25 million USD;
- The business buys, receives, sells, or shares the personal information of more than 50,000 California consumers; or
- Derive at least 50% of annual revenue from selling California consumers’ personal information.
If any of these apply to your business, you must become CCPA compliant.
What do you need to do to comply with the CCPA?
As a business owner, there are a handful of steps that you can (and should) take to move towards CCPA compliancy by the enforcement date of July 1, 2020. These include:
Map Your Consumer Data
In the data mapping process, consider things like…
- What personal information is collected and from whom?
- Where is personal information stored?
- How is personal information stored?
- How long do we retain personal information and for what purpose?
- With whom do we share personal information and why?
Review Third-Party Agreements
Review all third-party agreements existing within your business and ensure they are compliant with the CCPA.
Train Your Team
Develop and implement an employee training program regarding the collection, use, disclosure, and protection of personal information.
To minimize litigation liability, develop better security practices, a data breach response checklist, and an incident response plan.
What rights do consumers have under the CCPA?
This is potentially the most important information to consider when building your CCPA compliance plan—the rights of Californian consumers. Even if your business is not directly impacted by these regulations, these are helpful tenants to guide your data privacy strategy no matter where your consumers are located.
- Right to know what information is collected;
- Right to know what information has been shared (and with whom);
- Right to opt out of the sale of data;
- Right to request deletion of personal information; and
- Right to receive equal services, even if exercising privacy rights.
Don’t forget that as a consumer, it’s important to keep these rights in mind too. Although many jurisdictions are not operating under highly enforced data privacy laws like the CCPA, your data should be handled with care. Don’t be afraid to speak up if and when you feel like your personal data is being misused.