How does the California Consumer Privacy Act (CCPA/) impact my business? When did the CCPA come into effect? Are there certain steps I need to take to be prepared to comply with the CCPA if I am in California?
Nowadays, our private information is not so private. It's extremely easy for our information to get leaked and there is a level of privacy we all need to protect ourselves including, and that includes you protecting your business. Thankfully, with the recent governmental regulations, the California Consumer Privacy Act (CCPA/) aims to protect sensitive consumer data. CCPA went into effect on January 1, 2020, which means it's extremely important that your business is up to speed on all of the new rules and regulations. Not complying with these rules and regulations can result in fines, which you want to avoid. If your business is in California, you will have to comply with the strict guidelines, and the more your business is informed the better off you will be. CCPA covers for-profit organizations doing business in California that collect consumers personal information and has to meet one of the following criteria annually which include:
- "Exceed $25 million in gross revenue."
- "Buy or receive personal information of 50,000 or more consumers, devices, or households."
- "Derive 50% or more of their annual revenue from selling consumers' personal information. "
How the CCPA Impacts Your Business
The CCPA will affect many businesses that collect personal information from those in California. Many businesses in the dark aren't aware of how the new law affects them going forward. Data shows a recent survey by ESET polled "625 business owners and executives to gauge the business readiness for this regulation. Nearly half (44.2%/) had never heard of CCPA. Only 11.8% know if the law applies to them, and 34% are unsure if they need to change how they capture, store, and process data." In 2018, according to Risked Based Security, 6,515 publicly disclosed data compromise events exposing over five billion sensitive records." Unfortunately, it is happening all over the world and affects various businesses. Your business will be affected by specific personal information including:
- "Geolocation data and inferences extracted from data."
- "Unique personal identifiers such as cookie numbers or a company devised number.
- "Browser or search history."
- "Biometric data such as fingerprints or an eye retina scan."
- "Professional or employment-related information such as salary, title, or certifications."
- "Psychometric data such as information gathered from aptitude or personality tests."
- "Audio and visual data such as data from audio or video files."
- "IP addresses: If an IP can identify a household, it may be considered personal data."
Steps You Can Take for Your Business
If your business is located in California, seeking a lead sponsor for someone in each department of your business. CCPA requires input and an ongoing basis with departments such as legal, human resources, information technology (IT/), marketing, customer support, and security. Your team will need to review their security program and you may need to determine relevant changes needed to the specific data collected and stored. Training your employees, especially if they move to different roles within your business, is crucial when staying in compliance. Also, you can provide security and privacy reminders to your employees. Next, consider all the resources you will need to get assistance with compliance. Some resources include attorneys, human resource consultants, and software tools. Once you've established your resources that are needed, get a jump start on the data mapping process.
Although the CCPA does not require that a data map must be performed, the more businesses work on compliance the more common a data map is becoming. Your business should be able to respond to consumer requests to disclose all personal information collected, sold, or shared in the previous 12 months as required under Section 1798.130. Creating a data map will help you to understand where consumer data is sent. When a data map is nonexistent you'll have to undergo a long list of sources. The data map determines which people, technology, and processes interact with consumer data. An automated mapping tool is a great way to identify and helps you depict what data your business holds onto, where the data is, and if the data requires specific protections. Please keep in mind that your business will need to provide the following under the CCPA upon request:
- "The categories of sources from which personal information is collected."
- "The specific pieces of personal information collected about that consumer."
- "The business and commercial purpose(s/) for collecting or selling personal information."
- "The categories of third parties with which the business "shares" personal information."
- "For personal information that is sold, the categories of the consumer's personal information sold to what categories of third parties and the categories of the consumer's personal information sold to each applicable third party."
- "For personal information that is disclosed for a business purpose, the categories of the consumer's personal information that were disclosed."
- "The categories of personal information collected about that specific consumer."
After writing out a data mapping plan, do some research on how to handle an individual rights request. Your business should always honor the rights of consumers and their requests. You'll have to know where the data lives and generate a solid process to organize requests through different departments. Even if your business is not located in California, there will be times you will need to be prepared for global and national requests. This is when you can create a plan of action for your business to honor the rights of the consumer.
As we continue to fight for state privacy laws, your business should be constantly informed on new policies and procedures, so you can be as prepared as possible. The more informed your business is, the better off you will be in the future. If your business is located in New York State, be ready to face the New York Privacy Act introduced by State Senator Kevin Thomas, which will be the first privacy regulation in New York. The state is currently on the verge of passing this act and is considered to be even bolder than California's. It will be similar to the CCPA because it will allow people to find out what data companies are collecting on them, see who they are sharing data with, handle requests, and protect their data from being shared or sold from third parties. Whether your business is based in California, or you just want more information on this topic staying informed is never a bad idea!
Do You Want to Look at Your Financing Options?
If you find yourself needing to find funding for your business, First Union Lending is here to help.
We have nine different business loan types to choose from. This means that we're uniquely qualified to help you find the perfect loan to open your small business.
Applying for a business loan doesn't affect your credit. Better yet, your business loan may be approved as soon as the same day.
To discuss our business loans with one of our lending experts, click here or call 863-825-5626. We’ll talk about our various business loans and help you find the right one.
Get started with the process now by learning more about our business loan types here.