CCPA stands for the California consumer privacy act (CCPA). It is a data privacy law that ensures consumers in California are aware of which information a business can collect from them.
It also gives these consumers the right to ask for disclosure.
What is required for CCPA compliance
CCPA requires companies to comply with user requests for: All data collected and stored.
Each category of sources where data is collected (e.g., financial, contact, medical). The business purpose for collecting and selling user data.
What is Exempt from CCPA
Employees and Job Applicants For these reasons, the CCPA contains a limited exemption for personal information collected by a business about anyone acting as a job applicant to or employee, owner, director, officer, medical staff member, or independent contractor of that business.
Why is CCPA important
The CCPA gives the residents of California the right to know how businesses are handling their personal information.
The new law mandates companies to inform consumers about the data collected or shared while giving them the right to access, control, delete, and opt out.
Is business contact information personal data under CCPA
The California legislature has extended partial exemptions under the California Consumer Privacy Act (CCPA) for the collection and processing of personal information related to business contacts and employees/independent contractors until January 1, 2022.
Do I need a CCPA
Companies with over $25 million in revenue: If you are a company that serves California residents and generate over $25 million in revenue annually, you are legally required to comply with CCPA.
The revenue meant by the CCPA is total global revenue, not just revenue generated in California.
Who created the CCPA
Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.
Who is exempt from CCPA
A business that does not collect personal information from California residents is exempt from the CCPA.
Businesses that do collect personal information from California residents are also exempt if they do not meet any of the following thresholds: Makes at least $25 million in annual gross revenue.
What is a Ccpa service provider
Service Provider Definition: The California Consumer Privacy Act defines a service provider as a for-profit legal entity that processes personal information on behalf of a business pursuant to a written contract for a business purpose.
Businesses may use service providers and share personal information with them.
What rights does CCPA provide to California consumers
The CCPA empowers California residents with the right to opt out of third-party data sales, the right to be informed of data collection and rights, the right to have collected data disclosed, the right to have collected data deleted, and the right to equal services and prices.
Are nonprofits exempt from the CCPA
For CCPA specifically, nonprofits are exempt. Therefore, the responsibility is on businesses that are covered by the law, including all vendors, providers and agencies.
What does the CCPA consider to be consumer personal information
A list of what is defined under the CCPA as personal information includes: Direct identifiers such as real name, alias, postal address, social security numbers, driver’s license, passport information and signature.
How do I comply with CCPA
To comply with the CCPA, businesses that have other companies process their data will need to update their third party contracts including inserting standard-contractual clause language; requiring vendor data inventories; using due diligence questionnaires; providing records of processing; requiring the syncing of
Is employee data exempt from CCPA
Under current law, the CCPA’s limited workforce data exemption imposes limited obligations on covered businesses with respect to personal information collected from job applicants, employees, and contractors (the workforce) in employment contexts.
What is CCPA opt out
The California Consumer Privacy Act (CCPA) provides consumers with the right to opt-out – meaning, the right to tell a business to stop selling their personal information.
Is Google Analytics CCPA compliant
Yes. Google Analytics uses Client IDs to measure each individual user and their behavior in order to aggregate and present data about your website’s performance.
Client IDs fall under the CCPA’s definition of personal information because they can be used to recognize a consumer over time and across different services.
What are the CCPA categories
It establishes the following categories of personal information: Identifiers: Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Is CCPA modeled after GDPR
Although the CCPA incorporates some of the same concepts, it is not modeled after the GDPR.
The GDPR focuses on creating a legal foundation that puts privacy first for the entire EU.
On the other hand, the CCPA focuses on providing data transparency for California consumers.
Does CCPA have private right of action
The CCPA’s private right of action allows consumers to bring a private legal case against a business that will be heard before the California courts.
What data is exempt from CCPA
These exemptions include information that is collected and used “wholly outside” of California; collected about employees; collected about b2b contacts; related to certain warranties and recalls; or subject to other state and federal laws.
Do I need CCPA in my privacy policy
If you are a “business” as defined by the CCPA and do business with people located in California, you must have a CCPA-compliant Privacy Policy.
A “business” under the CCPA will meet one of the following requirements: Has an annual gross revenue of at least $25 million.
Do I need CCPA on my website
Now, businesses that collect personal information from California residents must comply with new privacy laws.
Even if your business doesn’t operate in California, your website still must be CCPA compliant if you collect any personal data on California residents.
That includes many businesses in the United States.
Does Google Analytics violate CCPA
If your are a “business” under CCPA, Google Analytics is a compliance liability. A business is defined in the CCPA as a company or organization that meets any of the following three thresholds: Annual gross revenue of $25 million or higher.
How long must a business retain records of consumer requests made under the CCPA
A business must maintain records of consumer requests made pursuant to the CCPA and how the business responded to such requests for at least 24 months.
The business must implement and maintain reasonable security procedures and practices in maintaining these records.
What data is in scope for CCPA
To fall within the scope of the CCPA, the business must also meet one of the additional three criteria: Have $25 million or more in annual revenue; or.
Possess the personal data of more than 50,000 “consumers, households, or devices” or. Earn more than half of its annual revenue selling consumers’ personal data.
What is a third party under the CCPA
The CCPA provides that an organization is a “third party” unless (1) it is the “business” that collects PI from consumers, or (2) it enters into a contract with a “business” that requires such organization to follow “service provider”–type restrictions.
What does CCPA considered personal information
The CCPA maintains a broad definition of “personal information” or PI, referring to it as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Is a sole proprietor a consumer under CCPA
That would include consumers as traditionally defined (people purchasing goods and services for personal, household and family use) but also includes individuals acting in their business capacity (sole proprietorships, officers, directors and shareholders, and employees).
What states have adopted CCPA
Five states—California, Colorado, Connecticut, Utah and Virginia—have enacted comprehensive consumer data privacy laws. The laws have several provisions in common, such as the right to access and delete personal information and to opt-out of the sale of personal information, among others.
What are the 7 rights given to consumers by CCPA
Consumer rights in the CCPA can be formulated in different ways, but we divide them into the following categories: (1) right to notice, (2) right to access, (3) right to opt out (or right to opt in), (4) right to request deletion, and (5) right to equal services and prices.
Sources
https://www.nolo.com/legal-encyclopedia/exempt-job-categories-under-californias-new-ab5-law.html
https://termageddon.com/who-caloppa-applies-to/
https://adia.works/blog/ab5-business-to-business-exemption/