The California Consumer Privacy Act enters the enforcement phase on July 1, despite pleas by some business groups to delay it because of Covid-19 coronavirus impacts. This means that California’s Attorney General will be able to take direct action against businesses that violate the privacy protection requirements of the CCPA. The law has been in effect since January 1, 2020, but until now enforcement was limited to civil actions brought by consumers against violators.
“We’re hearing that a lot of agencies are hiring enforcers,” said Ameesh Divatia, co-founder and CEO of Baffle, Inc. Divatia said that the AG’s office has been finalizing how to assess penalties, how to define a breach and how to justify the size of a fine assessed for violating the CCPA.
“They’re now putting a value on sensitive data,” Divatia said. “Data records need a value.”
CCPA vs. GDPR
Divatia said that the CCPA has been compared to Europe’s General Data Protection Regulation, but noted that there are important differences. “GDPR is more focused on customer rights. CCPA has this but is focused on identifying businesses that are violating them. It’s not as focused on individual rights.”
Still, many of the same methods for protecting consumers’ data apply to the CCPA as to the GDPR. The difference is that the GDPR may be more broadly based because it applies to more than just consumer data. However, if you’re already GDPR compliant, you are most of the way to being CCPA compliant as well.
As with the GDPR, where you’re required to comply if you collect data on Europeans, under the CCPA you’re required to comply if you have data on California consumers, even if you’re not located in California.
Exactly how the California AG plans to enforce the CCPA on a non-resident company remains to be seen, but in any case, it’s probably better to be compliant so you don’t have to find out the hard way.
Checklist
With that in mind, here’s a short checklist. While a longer checklist might be helpful, there’s only so much one can do in a couple of days.
· Make sure your website contains the required information on your protection practices, the kind of data you collect and retain, contact information for inquiries, a statement about any sales of consumer information, and a means to opt out of such sales.
· Confirm the type and quantity of consumer information you keep, how long you keep it, why you keep it, and that it’s properly protected. This might be a good time to evaluate the data you keep, and to stop keeping it if you don’t really need it.
· Evaluate…