California Consumer Privacy Act aka CCPA

Ayottaz  helps  companies with their CCPA compliance requirements which are largely mandated across various industries and sectors doing business in California

Get Started
Get your Data Privacy and Information Security assessment now!

Best in class Experts

Web & App Compliance

End to End assistance

One of the Best Prices

CCPA

How can you make your business the California Consumer Privacy Act aka CCPA compliant

What is CCPA?

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents. The effective date of the CCPA is January 1, 2020. It is the first law of its kind in the United States.

Who does CCPA apply to?

CCPA applies to any for-profit businesses in the world that sells the personal information of more than 50,000 California residents annually, or have an annual gross revenue exceeding $25 million, or derives more than 50 percent of its annual revenue from selling the personal information of California residents.

Sale of PI is defined in the CCPA as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

If a company shares common branding (i.e. shared name, service mark or trademark) with another business that is liable under the CCPA, the company will be subject to CCPA compliance too.

What does CCPA mean for businesses?

To comply with the CCPA, businesses must provide its users with the collected data once requested and must immediately disclose the following:

  1. All the sources from where the consumers’ data is being collected.
  2. The intent or purpose of collecting or selling the information.
  3. Information about the third parties with whom the consumer data is being shared. 

Businesses conforming to California privacy law 2020 must also do the following:

  1. Notify the users before-hand of any personal data to be collected before doing so.
  2. Provide users with more than two ways to opt-out of any data collection program they might be in and prohibit any selling of their data. This could be done by providing an opt-out link on their website accompanied by a telephone number at the very least.
  3. Provide the same level of features as to someone who exercised the California consumer law.
  4. Maintain a record of similar user requests made and their response.
  5. Verify the user’s identity requesting for changes under the act to find out the authenticity of the request.
  6. Respond to the user’s request and provide the requested data within 45 days of receiving the request.
  7. Disclosing own data privacy policies and practices to its users.

.

Individual Rights under the CCPA

Right to Know
Data Privacy

what personal data is being collected about them.

Right to Delete
Data Privacy

i.e. request a business to delete any personal information about them as a consumer

Right to opt out
Data Privacy

of third-party data sales

Right to non-discrimination
Data Privacy

against for exercising their privacy rights.

Right to be informed
Data Privacy

of data collection and rights

What are the penalties under CCPA?

Failure to comply with the CCPA can result in fines for businesses of $7,500 per violation and $750 per affected user in civil damages for businesses.

The power to enforce the CCPA lies with the office of the Attorney General of California. 

For eg.  If a company ABC is not adhering to CCPA requirements by not honoring consumer access or deletion requests, say of at least 200,000 individual requests made in total, and the AG determines the violations were intentional in nature, the civil penalties can potentially be up to $1.5 billion.

7500

for every intentional violation of the law

Ayottaz can simplify your California Consumer Privacy Act compliance journey

Currently, nearly all of the information and marketing material available regarding data privacy emphasizes technical expertise and the requirements of experts in order to manage compliance. All of this seems extremely daunting to a small to medium-sized business that lacks the resources to onboard such resources. Ayottaz acts as an unbiased interface between enterprises and service providers. We are in the unique position to assure quality products and services to enterprises without any allegiance to a particular product or service. Getting the first mover’s advantage and using the platform to build long-lasting relationships with our customers will help us stay ahead of the competition in the future.