Effective January 1, 2020, the California Consumer Privacy Act (CCPA) is the first major state-wide data privacy legislation enacted in the U.S. Although a few other states have passed privacy legislation, the CCPA empowers California residents with new rights to request businesses to disclose or delete data they have already collected, or to completely opt out of third-party data sales. The law encompasses California residents who are consumers, patients, students and employees.
CCPA also creates new obligations for commercial entities doing business in California. It requires businesses to provide California residents with information about the personal data collected, processed and sold in the prior 12 months. Organizations must meet compliance by July 2020. Employee and business-to-business data will be impacted beginning in January 2021.
An organization must comply with CCPA if its annual gross revenues exceed $25 million, if it obtains personal information annually on 50,000 or more California residents, or if it earns 50 percent or more of its revenue from selling California resident data. A business is not required to comply only if it does not have a physical presence or affiliate in California and it conducts its commercial business wholly outside the state.
Skoda Minotti Risk Advisory Services can help you achieve compliance with CCPA. Our experienced professionals can assist you by assessing and implementing operational and structural changes to comply with CCPA requirements. As more states venture into privacy legislation, we can help you stay up-to-date on changing regulations and plan ahead for timely implementation.
For more information about California Consumer Privacy Act (CCPA) compliance at Skoda Minotti, please complete the form below or call Ben Osbrach at 440-449-6800.