Who does the California Consumer Privacy Act apply to?

Who does the California Consumer Privacy Act apply to?

California Consumer Privacy Act (CCPA) is one of the first citizen privacy protection act formulated to bring customer data transparency against personal data use by companies for various purposes. The bill for the ordinance was passed by the California State legislature on June 28, 2018, as an amendment to the California civil code accredited by the Governor of the State, Jerry Brown.

What is the California Consumer Privacy Act?

The CCPA legislation reads that “companies need to provide more information to consumers about what’s being done with their data and give them more control over how or if this data is shared”.

Basically, the law compels the companies to provide complete information on what’s being done with the customers’ data. The main issue addressed here is that many people are oblivious of their personal data being shared across. So, this act ensures that the customer has the right over his data exposure and can choose to opt-out in case of disagreement.

Who does the CCPA affect?

The businesses that fall under the act compliance are:

  1. Whose annual income accounts for at least $25 million.
  2. Those who have more than 50,000 users’ or devices’ data.
  3. Where more than 50% of the revenue is attained by selling the users’ data.

The businesses that are exempted from the act compliance are

  1. The health and insurance companies who are enlisted under HIPAA.
  2. The finance companies that are included by Gramm-Leach-Bliley.
  3. The credit reporting companies that come under the Fair Credit Reporting Act.

California Consumer Privacy Act – Details

The personal information referred to in ccpa definition reads as “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Basically, it includes every data that falls under the personally identifiable information (PII).

This act is the first in the US states, to come into effect for the privacy protection of consumers. It closely relates to the EU-GDPR, which deals with data privacy and security.

When does the Act come into force?

The act was originally approved in June 2018, by the Governor of California. However, it’s set to be effective from Jan 1, 2020.

What’s the next lap?

The California act has brought generous changes in many other US state councils. People are now aware of the need for consumer data privacy and are guided over to take similar steps. Many comparable laws are being formulated for states like Massachusetts, New York, North Dakota, Maryland, and more. 

The companies are to become more aware of how the data is being used, and at the same time, should become more responsible for the peoples’ data privacy. They should take steps to constantly bifurcate data based on the degree of sensitivity and monitor for threats at regular intervals.