Though the California Consumer Privacy Act (CCPA) came into force in 2020, many business leaders are still unsure about how it works. Because a big part of the CCPA involves posting a privacy notice that meets specific requirements, it is easy to confuse it with another state privacy law—the California Online Privacy Protection Act (CalOPPA). There are important differences between CCPA and CalOPPA, however, and compliance with one law does not equal compliance with the other. Here we’ll go over their similarities and differences, and how businesses can make sure they are in compliance with both the CCPA and CalOPPA.
The CCPA is definitely the more comprehensive of the two laws. It requires businesses to be more transparent about how they collect and use consumers’ personal information, and creates several new consumer rights.
Regardless of where it is located, a for-profit organization must comply with the CCPA if it (1) does business in the state of California, (2) collects personal information from consumers (i.e., California residents), and (3) meets at least one of the following threshold requirements:
If your organization meets this CCPA definition of a “business,” it must evaluate its data practices and post a CCPA-compliant notice at any point where it collects consumers’ personal information. This notice must tell consumers:
Depending on its practices, a business may also be required to make other disclosures in this privacy notice. For example, if a business knowingly collects personal information from consumers under the age of 16, it must describe the process for obtaining their affirmative consent.
In addition to making these disclosures at or before the point of collection, businesses covered by the CCPA must honor the new set of data privacy rights granted to consumers. These rights are:
For more detailed information, read our Complete CCPA Guide.
What is personally identifiable information, according to CalOPPA? It is any personal data that can identify an individual consumer, including:
CCPA compliance can be a lot of work and requires ongoing maintenance. Many businesses are faced with either tasking an employee with trying to understand this complex law or hiring attorneys at expensive hourly rates. TrueVault Polaris makes CCPA compliance simpler and more cost-effective by providing a guided experience similar to tax preparation software. Businesses can combine the expertise of outside consultants with the savings of keeping compliance in-house. Contact our team today to learn more.
Disclaimer: This content is provided for general informational purposes only and does not constitute legal advice. This content is not a substitute for obtaining legal advice from a licensed attorney. The information on this page may be changed without notice and is not guaranteed to be complete, correct or up-to-date, and may not reflect the most current legal developments.