The California Consumer Privacy Act Goes Into Effect in 2020
Is Your Business Compliant with the CCPA?
September 17, 2019
The California Consumer Privacy Act is intended to empower consumers by enhancing their privacy rights and protections. This bill affects any for-profit business that collects consumer data and has gross revenues in excess of 25 million, possesses the personal information of 50,000 or more consumers, households or devices, or earns more than half of its annual revenue from selling consumer information. Set to take effect on January 1st, 2020, the CCPA focuses on six important areas of personal data and affords California consumers the right to:
- Know what personal data is being collected
- Know whether their personal data is sold or disclosed and to what party
- Say no to the sale of their personal data
- Access their personal data
- Request that a business delete/destroy any personal information that is collected from that consumer
- Not be discriminated against for exercising their privacy rights
What is the CCPA?
“The CCPA is set to be the toughest privacy law in the United States, broadly expanding the rights of consumers, and requiring businesses within scope to be significantly more transparent about how they collect, use, and disclose personal information.”
The Challenges Companies Face
According to research by Help Net Security, only 14% of companies are compliant with the CCPA and 44% have not even begun the implementation process. As a result of this bill, tens of thousands of businesses worldwide are scrambling to meet the looming January deadline and get aligned. Businesses face two primary barriers. First, creating scalable solutions to meet the needs of regulations like CCPA and GDPR (General Data Protection Regulation) can cost hundreds of thousands of dollars for businesses. One in five businesses expects to spend more than a million to achieve compliance. Second, compliance may require a massive procedural overhaul to ensure that consumers can access and request the deletion of their data. It may be necessary to fundamentally change the way an organization stores and accesses data in order to achieve compliance.
The compliance burden this bill imposes is far-reaching and could have a major impact nationwide. It is being compared to the European Union GDPR in the scope and severity of its requirements. Fortunately, companies that are already GDPR compliant should find the path to CCPA alignment a bit easier. Experts predict that other states will soon follow California’s example as consumer demand for better transparency increases.
Ultimately, it may benefit your organization to begin instituting these policies even if you are not currently subject to the CCPA. As this law takes effect, the rest of the country will be waiting to see how these regulations affect the tech landscape. With data now serving as a digitally minable, financially lucrative resource, there is a worldwide outcry to better protect the originators of that data – consumers.
How DOMA Handles Compliance
With DOMA you can trust that your data is protected and that your business has the power to exercise the data and privacy rights afforded by the CCPA on behalf of your customers. As a company that deals primarily with the digitization and management of information, DOMA keeps the requirements of GDPR and CCPA at the forefront of how we deliver our solutions to other businesses.
DOMA supports its customers in their quest to become CCPA/GDPR compliant by serving as a secure processor. We handle and process the data for over 250 different clients and have 20 years of experience in achieving and maintaining a wide range of security and data protection standards. Every customer has different needs and requirements, so it is up to DOMA to ensure we can protect personally identifiable information (PII), medical data, government documents, and other sensitive information. It’s helpful in this case to work from the top down. For example, achieving compliance with the most stringent laws and regulations makes it easier to meet the needs of clients with less intense security needs. As a digital solutions provider, DOMA can ensure that your business’ information will continue to meet the requirements of CCPA, HIPAA, GDPR, and more while it’s in our care.
About DOMA: Powered by Tech, Driven by People
DOMA Technologies (DOMA) is a software development and digital transformation company whose mission is to change customer lives by lightening their workload through faster and more targeted access to their data. Since 2000, our team of 200+ experts has helped businesses navigate all aspects of the digital world. We are a dedicated strategic partner for the federal government and private sector clients at every stage of their unique digital transformation journey.
Author:
Danielle Wethington
Director of Communications