Skip to Content

Compliance Services

What Does CCPA Stand for and How Can it Affect Your Business?

October 06, 2021

4 minutes

A man and woman looking at a computer in an office | CCPA stands for

What Does CCPA Stand For?

CCPA stands for California Consumer Privacy Act and is a digital protection law that covers four major areas:

  • The right for consumers to know what businesses use their information for
  • The right to delete information held by businesses
  • The right to opt out of the sale of personal information
  • The right of non-discrimination against a person for exercising their CCPA rights

The CCPA is part of a larger trend toward data protection as consumers give companies more and more information to store, much of which is confidential, identifiable, and sensitive.

These laws have come shortly after some well-known data breaches which resulted in large businesses and organizations selling collected data without the knowledge of the consumers.

Passed in 2018, the CCPA became the most comprehensive privacy law in the US in order to give consumers more control over how their data is stored to protect their data from being bought and sold without consent.

How Does the CCPA Work?

The CCPA gives California residents a few important rights when it comes to how companies can use their data:

  • The Right to Access Information: Californian consumers are now entitled to know where, to whom, and why their personal information was collected or sold.
  • **The Right to Data Deletion: **Residents of California can request that a company delete their personal data that has been collected.
  • The Right to Opt Out of Data Collection and Sale: Californians can tell a company not to collect or sell their information to third parties. The CCPA also includes a broader definition of the word ‘sell’ beyond that of an exchange of money.
What Does Privacy Mean?

What qualifies as personal information is defined within the CCPA as information that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

In layman’s terms: almost any statistics, data, actions, or pieces of knowledge that can be linked to you.

The CCPA also gives Californians a limited ability to sue businesses when their personal information has been compromised, via a data breach, for example.

It also gives the Attorney General power to sue on behalf of the residents and levy substantial financial penalties.

Who Does the CCPA Apply To?

At an individual level, the CCPA impacts residents of California.

For businesses, every entity that operates and has consumers who are resident in California must abide by the law, regardless of which state they are based in.

In addition to that, for the CCPA to apply, a business must meet any one of these three criteria:

  • Generate at least $25 million in annual revenue.
  • Obtain data from 50,000+ customers.
  • Earn at least one half of its annual revenue by selling consumer data.

If a business meets one of these qualifiers, they must meet the requirements of the CCPA when doing business with Californians

How Do Privacy Laws Like CCPA Affect Small to Mid-Sized Businesses?

The good news for small to medium-sized businesses (SMBs) is that the above qualifications are designed to protect you.

Because if you do not meet one of those qualifications, you are not required to be compliant with the privacy requirements of the CCPA.

Essentially, your business with Californians can remain the same.

Similarly, the CCPA does not apply to you if you don’t do any business in California.

But be wary that if you do meet one of the qualifications, having just one Californian customer means you must comply with the rules set by the CCPA.

If you’re confused, you are not alone. Be sure to consult with experts in the field to ensure you’re compliant if you must be. If not, you could face hefty fines.

How can an SMB be CCPA Compliant?

For companies who are required to become compliant with the rules set by the CCPA, you may be asking yourself ‘what is CCPA compliance?’ It’s important that every business knows exactly what is required of you. Here is a quick rundown of what CCPA compliance means for SMBs:

  • Update Your Privacy Policies: The CCPA requires businesses to have explicit notifications of their intent to collect and sell information at or before the collection point. Meaning, you must alert the consumer that they’re opting into data collection before they do it. This notice must include what information you’re gathering and the reasons behind it.
  • Update Classifications of Your Data Inventory: When storing data, you must include records of that information’s sale, transfers to third parties, and time of collection. Additionally, you must indicate if the information is covered by another privacy law like HIPAA.
  • Create New Compliant Procedures for Consumer’s to Reach their Data: CCPA complaint companies must offer a way for consumers to request access to their information which also means the ability to delete it or opt out of future sale.
  • Review Your Site and Business’ Security: Data protection is required by the CCPA so you must obtain reasonable security for your stored data.
  • Train Your Staff: Be sure that your staff is up to date on what the CCPA is, what the requirements for compliance are, and how to handle any new requests or incidents that could arise because of it.

20211009_What-Does-CCPA-Stand-for-and-What-Does-It-Mean-for-Business_Data-1.jpg

What’s the Difference Between CCPA, CalOPPA, and GDPR?

The CCPA isn’t the only privacy-focused law passed in California.

In 2003, the California Online Privacy Protection Act (CalOPPA) was passed and was the first state law in the United States to require that commercial websites which collect personal information post a California-specific privacy policy that must include certain content as explained in the bill itself.

The CCPA, coming in over a decade later, took it even further by giving consumers the right to delete previously collected data and to opt out of future data collection from online companies who conduct business online.

Another example of privacy laws is the General Data Protection Regulations (GDPR) created in the European Union in 2018.

The GDPR gives European Union citizens a significant amount of control over their private data on the internet. Specifically, it changed the way that websites can acquire consumer consent in order to obtain data. The regulations outline the guidelines for how a website must communicate how personal data will be used and institutes requirements for proof of user consent.

Though the CCPA, CalOPPA, and GDPR are all different in their definitions and protections of user data, they do have one major thing in common: they affect the way people around the world do business with people living in these regions.

20211009_What-Does-CCPA-Stand-for-and-What-Does-It-Mean-for-Business_Data-2.jpg

Conclusion

In the future, digital privacy laws won’t be limited to California and Europe.

Don’t get left behind, consult with an expert today to learn what your business needs to do to stay compliant with the latest laws and regulations.