What is the CCPA?

By Nic Villasenor / Published on December 20, 2019

In 2018, the California legislature passed a sweeping privacy law to protect consumers. The California Consumer Privacy Act (CCPA) became the most comprehensive consumer privacy law in the country.

Familiar with GDPR? CCPA travels along the same lines, but with important differences — including a broader definition of personal information.

"Personal information" is anything that identifies, relates to, describes, or is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. — Section 1798.140(o)(1)

That naturally includes name, address, social security number, birthdate, and driver’s license number, but also reaches into biometric data, internet activity, and more.

Who it applies to

CCPA applies to businesses in California that satisfy at least one of the following conditions:

  • Have at least $25 million in annual revenue

  • Buy, sell, or use for a commercial purpose the personal information of 50,000 or more "consumers, households, or devices"

  • Earn more than half of their annual revenue selling consumers’ personal data

Certain information is considered exempt because it’s already protected by federal privacy laws (such as health information under HIPAA, bank and financial information under Gramm-Leach-Bliley, and credit reporting information under the Fair Credit Reporting Act), but personal information outside the scope of these laws will still be covered by CCPA.

Rights and obligations

CCPA puts into effect a number of rights for California consumers.

Right to Know: The right to request that a business inform a consumer about what personal information is collected and how it is shared.

Right to Delete: The right to request that a business delete information provided by the consumer.

Right to Opt-Out: The right to ask a company not to sell consumer personal information. "Sell" is defined broadly here, and includes exchanging personal information “for monetary or other valuable consideration.”

Right to Non-discrimination: Covered businesses can’t treat consumers differently when and if they exercise their rights under the CCPA. They cannot, for example, charge different prices to a consumer unless the differences are “reasonably related” to the value of the personal information.

Why you should be paying attention

But what does the CCPA mean for you?

As a consumer, you’ll have more control over your personal information and more transparency about how it’s used.

As a business, if you’re not compliant yet, it’ll be important to get ahead of the game instead of playing catch up (and facing possible fines and penalties).

Even if the law doesn’t apply to your business due to your size or industry, your customers may come to expect the same level of protections they find elsewhere. If your company values consumer privacy, voluntary compliance will demonstrate your commitment.

How to comply

Start by creating an information map of your business's information collection and sharing practices, and be sure to include this information and required CCPA disclosures in your company's online privacy policy.

TrueVault believes that privacy policies are a way to show consumers we value them. Your privacy policy is one way to express your philosophy, approach, and values. The CCPA is complex, and may seem onerous at times, but its core duty is to protect consumers.

TrueVault is here to help. Contact us to talk about how your company can accomplish compliance with CCPA.
