The California Consumer Privacy Act (CCPA) takes effect January 1, 2020
Introduced as Assembly Bill 375 and signed into law on June 28, 2018, the California Consumer Privacy Act (CCPA) provides consumers with groundbreaking new rights on the use of their personal information, effective January 1, 2020.
According to the Office of the Attorney General, the CCPA creates new consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. It also requires the Attorney General to solicit broad public participation and adopt regulations to further the CCPA’s purposes.
As part of the regulatory process, the Attorney General’s Office is holding a public comment period on the proposed regulations, which will include four public hearings throughout the state in the first week of December 2019. The public comment period ends at 5 p.m. PST on December 6, 2019.
For more information how to how to attend the public hearings or submit public comments, see the October 10, 2019 press release from Attorney General Becerra.
This landmark piece of legislation gives California consumers:
Personal information under the CCPA is defined broadly as:
“Information that identifies, relates to, describes, is capable of being associated with, or could reasonable be linked, directly or indirectly, with a particular California resident or household.”
This includes, but is not limited to:
Similar to the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act of 2018 (CCPA) will have a huge impact on businesses in terms of compliance costs.
According to the Standardized Regulatory Impact Assessment (“the Assessment”) provided to the Attorney General’s office by Berkeley Economic Advising and Research, LLC, costs include:
The Assessment assumes the following estimated initial compliance costs to businesses:
Assuming about 75% of California businesses will be required to comply to the CCPA, the total estimated cost of initial compliance comes to a whopping $55 billion.
Assuming about 75% of California businesses will be required to comply to the CCPA, the total estimated cost of initial compliance comes to a whopping $55 billion.
There is a silver lining to this compliance cost cloud: businesses that have already made changes for the GDPR should be able to leverage their existing compliance systems for the CCPA, lowering the overall cost.
However, since the CCPA differs from the GDPR, some changes (and costs) will still be required.
Contact Us to learn more about Cedar Financial’s ongoing dedication to compliance and ethical, “People-First” debt collection as a member of ACA International.
Your business may be subject to the CCPA if it:
Businesses that handle more than 4 million consumers’ personal information may have additional obligations under the proposed draft regulations.
Despite having “California” in its name, the CCPA will have wide implications outside of California as well, potentially affecting more than 500,000 U.S. businesses.
The CCPA applies to businesses that:
Under the CCPA, the definition of California resident includes every individual who is in the state for other than a temporary or transitory purpose, or every individual who is domiciled in the state who is outside the state for a temporary or transitory purpose. The definition is quite broad, which means it appears to cover California residents while they are traveling in other states.
Even if the CCPA does not apply to your business now, you will want to closely monitor proposed privacy legislation in other states where you do business.
In 2019, over 43 states and Puerto Rico introduced over 300 bills and resolutions dealing with cybersecurity, indicating that 2020 could be a very active year for the enactment of consumer privacy laws. This issue is also on Congress’ mind at the federal level.
In effect, California will serve as a testing ground of sorts for future legislation in other states, so it is important to think about the potential implications for your business, monitor proposed laws and have a plan in place.
If your business falls under the scope of the CCPA, you will need to adjust to comply with the law, effective January 1, 2020.
Here are some of the new obligations businesses have under the CCPA (as proposed by draft regulations):
To view the current Proposed Regulations and other related documents, visit www.oag.ca.gov/ccpa.
It may seem obvious, but the first step to complying with the CCPA is to determine whether or not you need to.
Here are some questions you want to consider while you are reviewing with your legal counsel:
If you do fall under the CCPA, you’ll want to go through your current policies with a fine-tooth comb and determine what, if anything, you need to change. Work with your legal and compliance teams to come up with a game plan for implementing those changes. Decide whether your new policies will apply only to California consumers, or to all consumers and send out an updated privacy notice.
Even if you determine that you are not subject to the CCPA at this time, it is a good idea to re-evaluate your privacy policies now, as more privacy legislation is just around the corner, and you may be required to implement similar changes in the future.
To be compliant with the CCPA, companies will need to maintain a data inventory, or database to track all their data processing activities. Ensure that your data inventory has all the necessary information for compliance, including the ability to track consumer requests under the CCPA.
Under the CCPA, covered businesses must protect consumer personal information with “reasonable” security and consumers have the right to sue for data breaches, so now is the time to review your systems and address any high-risk areas that need attention.
It’s also a good idea to review data security policies with any third-party service providers who handle consumer information for your business.
Contact Us today to learn more how Cedar Financial prioritizes data security for our clients and their customers.
Do you have third party service providers or vendors that you share consumer personal information with? Or are you a service provider handling a business’s consumer PI?
If so, you’ll want to work with your business partner to ensure you are both on the same page in terms of compliance to consumer requests and other requirements under the CCPA. You may need to revise or add an addendum to your contracts to ensure compliance.
As always, consult with your legal counsel to determine the best course of action.
For covered businesses and service providers in the accounts receivable and collections space, the CCPA may create more questions than answers, which is why it is important to conduct a thorough review of this law with your legal experts, service providers and vendors.
Some questions you may want to go over include:
While the information provided on this website does not, and is not intended to, constitute legal advice, we welcome open discussion regarding the CCPA.
Call us at 800-804-3353 or fill Online Contact Form to start a conversation today
As a trusted business partner for our clients, Cedar Financial welcomes conversation about the laws and issues affecting your collections efforts, operations and cash flow. Our goal is to help you thrive and succeed, and we do this by providing the most comprehensive debt recovery services, tailored to your business’ needs.
Contact Us today. Whether large or small, domestic or international, consumer or commercial, we have solutions to fit your needs.
*The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information.