Understanding CCPA Compliance For Startups In 2023
The California Consumer Privacy Act, or CCPA, has broad implications for businesses, and we can expect an upheaval similar to the aftermath of GDPR in Europe. The law is aimed at safeguarding privacy and protecting the consumer rights of the residents of California. A business need not have an LLC in California to have to comply with it; however, being incorporated in the state brings elevated compliance requirements, which you can study more about in this guide.
Despite its novel intentions, the CCPA is definitely a concern for businesses operating in the state or offering products and services to its residents. In this article, we dive deep into the provisions of this law to help entrepreneurs understand how best to deal with the resulting fallout.
The Rights of California Residents
The new law essentially confers certain rights to the residents of California, pertaining to the following:
a) The right to know what personal data has been collected by a business about them.
b) The right to know whether their personal data is being sold or disclosed to third parties, along with the identities of those parties.
c) The right to opt out of their personal data being sold to third-party marketers and advertisers.
d) The right to access their collected personal data.
e) The right to request the deletion of any personal data that a business has collected from the consumer.
f) The right to not be discriminated against for using their right to privacy.
Which Businesses Have To Comply?
Fortunately, not all businesses have to comply with this law, and at the moment, it is mainly aimed at for-profit entities that meet any one of the following criteria:
a) Have annual gross revenues in excess of $25 million.
b) Are involved in the collecting, buying, or selling of personal data of 50,000-plus consumers or households.
c) Derive at least half of their annual revenues from the sale of personal information and data.
Organizations that meet any one of the above criteria have to take the necessary steps and measures to safeguard consumer data. That said, a vast majority of businesses are exempt from this law unless their business is intertwined with the collection and sale of personal data. This provides much-needed respite for small and medium-sized businesses.
The law further specifies sanctions and penalties for companies that meet the criteria but fail to comply with its requirements. These begin at $2,500 for each unintentional violation, and $7,500 for each intentional violation going forward.
Essential Steps To Take
If you're an entrepreneur or business owner who sells to residents of California, or who is based in the state, here are some steps you can take to effectively comply with the CCPA.
A) Review Privacy Disclosures
B) Carry Out Risk Assessments
Following this, you can start auditing various systems and processes within your organization to identify risks and security issues that might put customer data in jeopardy.
C) Maintain An Audit Trail For All Systems & Processes Pertaining To Privacy
Even with robust systems in place to safeguard data and comply with these requirements, businesses will face leakages or shortcomings without proper monitoring or the use of audit trails. There are specialized teams that can help out in this regard, including with auditing and reporting variances.
Despite the hurdles and red tape resulting from this law, the CCPA was a need of the hour given how much consumers and their data get exploited. With new solutions and services cropping up to help business owners comply with it, it should be smooth sailing going forward.