What is the California Consumer Privacy Act (CCPA)?

Table of contents

  1. What are the intentions of CCPA?
  2. What is considered personal information under CCPA?
  3. Who must comply with CCPA?
  4. How can organizations comply with CCPA?
  5. What happens if companies are not compliant with CCPA?
  6. How is CCPA compliance enforced?
  7. How can Californians request access to their personal information?
  8. How is CCPA different to GDPR?
  9. How does CCPA impact cybersecurity?
  10. How UpGuard can prevent data breaches and data leaks

1. What are the intentions of CCPA?

CCPA is intended to give California residents the right to:

  • Know what personal data is being collected about them, e.g. smartphone locations, voice recordings or browsing history
  • Know whether their personal data is sold or disclosed and to whom, e.g. app developers, service providers and advertising partners
  • Say no to the sale of their personal data
  • Access their personal data, e.g. online activities, physical locations, ride-hailing routes, biometric data and ad-targeting data
  • Request that a business delete their personal data, e.g. their phone number, Social Security number or IP address
  • Not be discriminated against for exercising their privacy rights
  • Access the specific inferences that have been made about them, e.g. psychographics, predictions and categorizations
  • Authorize companies, activists, associations and others to exercise opt-out rights on their behalf

2. What is considered personal information under CCPA?

CCPA defines personal information broadly as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. It includes:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
  • Characteristics of protected classifications under California or federal law
  • Commercial information, including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
  • Biometric information
  • Internet or other electronic network activity information, including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory or similar information
  • Professional or employment-related information
  • Education information, defined as personally identifiable information (PII) that is not publicly available, as defined in the Family Educational Rights and Privacy Act
  • Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes

3. Who must comply with CCPA?

CCPA applies to for-profit businesses that do business in California, collect California residents’ personal information and meet at least one of the following thresholds:

  • Has annual gross revenues of at least $25 million
  • Annually buys, receives, sells or shares the personal information of 50,000 or more consumers, households or devices
  • Earns more than half of its annual revenue from selling consumers’ personal information

4. How can organizations comply with CCPA?

To comply with CCPA, organizations must:

  • Implement processes to obtain parental or guardian consent for minors under 13 years old, and the affirmative opt-in consent of minors between 13 and 16 years old, before selling or sharing their data for commercial benefit
  • Provide a clear and conspicuous “Do Not Sell My Personal Information” link on the home page of their website that enables Californians to opt out of the sale of their personal information
  • Designate methods for submitting data access requests, including, at a minimum, a toll-free phone number and, if the business maintains a website, a web address
  • Update privacy notices with the newly required information, including a description of California residents’ rights under CCPA
  • Wait at least 12 months before asking a Californian who has opted out to opt back in to the sale of their personal information
  • Provide accessible privacy notices and clearly call out how to obtain them in alternative formats

5. What happens if companies are not compliant with CCPA?

  • Consumers whose nonencrypted or nonredacted personal information is exposed in a data breach or data leak resulting from a business’s failure to implement and maintain reasonable security procedures and practices can bring civil actions, including class actions, for statutory damages of between $100 and $750 per California resident per incident or actual damages, whichever is greater, plus any other relief a court deems proper. Before seeking statutory damages the consumer must give the business 30 days’ written notice and an opportunity to cure, and the action is subject to the California Attorney General’s option to prosecute the company itself instead of allowing the civil suit to proceed
  • Civil penalties, assessed in enforcement actions brought by the California Attorney General, of up to $7,500 for each intentional violation and $2,500 for each unintentional violation

6. How is CCPA compliance enforced?

7. How can Californians request access to their personal information?

A written access request to a business might ask for:

  • Any and all information or content provided or posted by me
  • Any and all data collected about me or associated with me, my phone number or my device, including location data, login data, biometric data, usage data, demographic data, website visits and other online activity
  • Any and all inferences, classifications or categorizations that your organization or its service providers have made about my interests, activities, behavior, attitudes, psychology, health, fitness, diet, intelligence, abilities and any other psychographics
  • Any and all data your organization has obtained or acquired about me from third-party vendors, websites, apps, service providers or companies
  • A list of all entities and third parties to whom my data has been disclosed or sold

8. How is CCPA different to GDPR?

9. How does CCPA impact cybersecurity?

10. How UpGuard can prevent data breaches and data leaks

UpGuard

https://www.upguard.com — UpGuard combines third-party security ratings, vendor questionnaires, and threat intelligence in a single cyber risk solution.