Do you know what CCPA is all about? It’s okay if you don’t. You’re not the only person who is in that boat.
A lot of people are not entirely sure of what the CCPA is and what it protects.
Simply put, the California Consumer Privacy Act (CCPA) was created so it can protect people from California and their privacy rights.
But, is that all that the CCPA is about? Here is everything you need to know about CCPA and why it is the single best act to protect your privacy:
What is the CCPA?
The CCPA gives customers a lot more control over the personal data that businesses collect.
That basically means that if someone (who is from California) demands to take a look at all the data that a business has collected, they can now be granted access. And this also applies to any other third parties that have access to their data.
But, what exactly would people even gain from all this? A lot more than you would ever suspect.
They get to know and do things such as:
- What kind of business is collecting their personal data and why
- How to go about preventing any business from ever collecting data from you again
- How to prevent businesses from selling your personal data
- How businesses cannot ignore their requests regarding the use of their personal data
You read that right. Nowadays, a lot of companies will gather your personal data. They don’t necessarily do this so they can harm you in some way.
All businesses want to do is help by making your experience with them a lot better. Gathering a lot of your personal data will do that.
They don’t actually want to harm you in any way. All they want to do is comply with the CCPA ruleset.
As we mentioned above, the CCPA makes it possible for you to contact and access all of that personal data that companies collect.
That way, you won’t go around wondering what is happening to that data. You will actually get some real answers about what these companies are doing with it.
And, that’s about it, right? Well, not quite.
Yes, you now know what the CCPA is and why it’s so helpful. But, are you sure you know what all the benefits of the CCPA are? There are a couple of things that you might want to check out before you actually “check out”, like why exactly the CCPA is so important.
Why is the CCPA Important?
Believe it or not, your business can actually benefit a lot from the CCPA being around.
The CCPA became effective on Jan 1, 2020. People could finally see what the CCPA outlined be put into effect.
What did these outlines include? Here’s what:
- How data collecting works
- How people can make sure that no one will bring harm to their data
- What happens when businesses fail to comply with the rules set by the CCPA
All these points play into how the CCPA benefits you, your business, and other businesses as well.
The Benefits of CCPA
So yes, as you’ve likely gathered by now, CCPA has quite a lot of benefits. A lot of these benefits include people having a lot more transparency with companies.
What that basically means is that companies have to be ready and open about the data that they are collecting.
They would also let their customers know what purpose they held and assure them that their data wouldn’t be sold without their customer’s consent.
But, how exactly do these benefits benefit the businesses? Here’s how:
How Companies Benefit From CCPA
There are a lot of ways that a company can benefit from CCPA. One of the most basic benefits is consistency.
Another benefit is that CCPA compliance makes being compliant with GDPR that much easier.
California is, after all, the home of many tech and other giants that do extensive amounts of business within the EU where they have to comply with the GDPR.
Nowadays, most Californian companies are compliant with the CCPA.
Sure, they have to comply with some rules that may not benefit them as much as they do the customers. However, that doesn’t mean that companies do not benefit from the CCPA.
As a matter of fact, companies benefit from the CCPA a lot more than you might realize.
By being consistent, companies will have the chance to be a lot more reliable. That means that customers will frequent your business a lot more often, because they will trust you.
Something like that can really boost a company’s reputation. You can gain a lot more traction and grow a lot further as a business.
Now, there might be some people who are reluctant to believe that these companies can really keep their personal data safe.
But, they shouldn’t be. Companies secure data through BitLocker encryption. BitLocker is by far the best way to keep your data safely tucked away.
Encrypted data can only be read by someone who has the encryption key. And, how can you manage BitLocker?
BitTruster will do that for you. BitTruster is an amazing management tool. With it, you will be able to easily manage BitLocker.
Now, you can rest assured that all your data will be safely secured and stored.
Speaking of data, how exactly does the CCPA affect different types of data?
How the CCPA Affects Different Types of Data
Does the CCPA affect every single type of data? Yes, it does.
This data can be:
Any sort of information that someone can use to identify you. This can be:
- Your full name
- Your address
- Your email
- Your ID
- Your location
- Your IP address
- Your phone number
On the other hand, sensitive data is a lot more, well, sensitive. Sensitive data needs an extra layer of security as it includes information such as:
- Your race or ethnicity
- Your opinion of certain politics
- Your religion
- Your genetic data
Luckily for all of us, the CCPA sees to it that this data isn’t lost to you. Your protection is important. The CCPA grants people a lot more transparency and keeps them in the loop.
But, what about the right that you have within this loop? How exactly does that part work? Let’s take a look:
What Rights Do I Have Under the CCPA?
As we touched on a little earlier, the CCPA grants Californians a lot of rights. These rights include:
- The right to know that a business is collecting data and also how that data is being used
- The right to ask that businesses stop collecting some certain data
- The right to prevent your data from being shared and sold by any business
- The right to point out that businesses cannot refuse to listen to your requests regarding your data.
Let’s take a look at each of these points separately:
The Right to Know that a Business is Collecting Data and Also How that Data is Being Used
You should know that you have the right to ask about information regarding the data that a business is collecting from you.
Why would you want to do that? Because they’re not going to just collect data. They will also use it. They might also share and sell it, but they do need your approval for that.
You want to make sure while businesses are doing stuff like that, your data won’t fall into the wrong hands. So, in order to avoid that, make sure to ask about stuff like:
- The kind of personal data that the business is collecting
- Where was the personal data collected from
- Why was this data collected in the first place
- Who was this data shared with
- Who was this data sold to
The Right to Ask that Businesses Stop Collecting Some Certain Data
Something else that you may decide to do is choose to ask that businesses stop collecting your data.
You can form a request where you can ask that businesses should stop collecting data from you. And, not only that. You can also ask that those businesses delete the data that they had previously collected.
Now, you have to remember that there are cases when companies will have good arguments for keeping your data. They won’t just immediately grant your requests.
But, that doesn’t mean that you shouldn’t try to stop them from using your data, if that’s what you want to do.
The Right to Prevent Your Data From Being Shared And Sold by Any Business
You might not have a problem with businesses collecting data. But, what you might have a problem with is the fact that businesses share and sell that data with other third parties.
That’s why an opt-out request exists. Businesses don’t usually sell information if they get an opt-out request.
An opt-out request is exactly what you would think. A request that prevents businesses from selling your data.
After they get an opt-out request, businesses would need your consent if they ever wanted to share or sell your data again.
The Right to Point Out that Businesses Cannot Refuse to Listen to Your Requests Regarding Your Data
Know that businesses have to listen to what you have to say in regard to the data they’re collecting.
They cannot deny any goods, services, or even charge you a different price. Something like that would go against the rules set by the CCPA.
Although businesses don’t have to complete every single one of your requests, they absolutely have to listen to what you have to say.
It doesn’t matter if it is sensitive or personal data. But what else is considered personal data? Here’s what:
What About Personal Information?
Personal Information (PI) has a pretty broad definition.
The CCPA defines it as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
So, simply put, PI includes data like your name, last name, address, and so on.
But, there are also a lot of other categories of PI. Some of which include:
- Your real name
- Your alias
- Your postal address
- Your email address
- Your IP address
- Your accounts information
- Your social security number
- Your driver’s license number
- Your passport number
But, why would companies even want to know all this data? Because, as we mentioned earlier, that way they can make your experience with them that much better.
They would get to learn a lot more about you. Who you are, what you’re interested in. Information like that might sound a little scary to be brought out to other people.
But, you have to keep in mind that these companies don’t want to harm you. All they want is to get to know more about what you’re into.
But, that doesn’t mean that you should trust them blindly. You can still verify that they don’t mean any harm. What most companies want to do is improve their service, and have all parties end the day with a smile on their face.
But, is personal data the only thing that companies collect? Not necessarily. It really depends on the company.
Companies can collect all sorts of data, which include:
- Customer data
  - Customer’s name
  - Customer’s signature
  - Customer’s physical appearance
  - Customer’s address
  - Customer’s phone number
  - Customer’s insurance policy number
  - Customer’s social security number
  - Customer’s education
  - Customer’s employment history
- Classified / Sensitive data
  - Your race or ethnicity
  - Your nationality
  - Your religion
  - Your mental and physical state
  - Your gender identity
  - Your sexual orientation
  - Your marital and military status
- Public data, which is usually the easiest to access because it’s public. You should know that this type of data is not really seen as personal data, though. The same goes for aliases.
Public data is usually collected from:
- Social media platforms
- Different domains
Knowing that companies can collect this type of data can be even more scary. But, you can sleep a little better when you know why they’re collecting it.
And remember, you can always question why they collect it as well as decline them this information. The CCPA allows you to do that.
Every single business has to comply with the rules that are set by the CCPA. You want to know the types of businesses that are affected by this act? We got you!
What Type of Businesses Does the CCPA Apply to?
The CCPA affects a lot of businesses. As long as these businesses do their business in California, that is.
But, what exactly do all these businesses need to do to make sure that they are not going against the rules that are set by the CCPA?
The CCPA applies to businesses in California that:
- Have an annual income of over $25 million
- Buy, sell, receive, or share any personal information that belongs to 50,000 or more California residents. (This also applies to households, devices, and so on)
- Derive 50% or more of annual revenue from selling the personal information of California residents.
But remember, the CCPA doesn’t affect you or anyone else that is the owner of a nonprofit organization or government agency.
But, that’s for the businesses that are within California. What about the ones that are not?
Well, the CCPA doesn’t manage people who don’t do business in California.
But, keep in mind that it doesn’t matter if a small percentage of your business is in California. You will still be affected by the CCPA.
For example: Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action lawsuit. The reason for that was a data breach. This data breach allegedly compromised the personal data of 3.3 million consumers.
Something like that would never go unnoticed.
But, do you know what other types of businesses are affected by the CCPA? The ones that happen online.
Same thing goes for the ones whose work happens online. If your business is collecting data from Californians, you will be affected by the CCPA.
And, we are not only referring to small online businesses that only a handful of people have heard of. We are talking about actual big name businesses.
You heard that right! Businesses like Netflix, Starbucks, UPS, Microsoft are all affected by the CCPA. After all, their reach does touch California.
But, here’s what they are doing differently: They are extending the rights that the CCPA provides to other places all around America, not just Californians.
And, to be fair, it makes sense that they are deciding to do that. It would take a lot longer and a lot more work for companies to find out where every single person lives. And after that, they would have to differentiate Californians from everyone else.
But, another reason why they might’ve decided to do this is because of word of mouth. These businesses claim to care about their customers. They all say that their customers’ privacy and security is their number one priority.
So, let’s say that most people get a hold of the news of the CCPA situation. They would all complain about how these companies “care more about Californians than they do the rest of America”.
Any business owner wants to avoid something like that from ever happening. So, what do they do? They expand the CCPA rights to the rest of America.
But, they would likely already do something like that. Why? Because they expect that more and more states will roll out similar legislation.
So yeah, businesses have to go through some difficulties in order to comply with the rules set by the CCPA. Rules which affect several kinds of businesses, not just one.
But in the end, it’s all worth it. The CCPA is, after all, a really effective act, right? Well…
How Effective is the CCPA?
Is the CCPA even that effective? The CCPA is meant to affect the way that companies go about collecting their customers’ data.
Now, they have to be a lot more transparent with how they do the collecting.
But, how effective has the CCPA been since it was first passed? Well, the answer to that question is simple, but vague: It’s not 100% clear.
Under the CCPA, all consumers have the right to know when their data is being collected, used and shared.
And, they also have the right to question the businesses that do the collecting, using and sharing. Customers might even prevent businesses from ever using that data (at least to some extent).
On the other hand, businesses can benefit from customer loyalty. Safety is key in all businesses. If your customers feel like they’re safe under your roof, they’ll return for more of what you got to offer.
So you see, companies don’t just have to comply and gain nothing by doing so. What they get is their customers coming back and their business growing bigger and bigger.
So, considering everything that we just mentioned, why wouldn’t the CCPA be 100% effective? The answer to that question is also simple: It depends on who you ask.
Many people have difficulties with the CCPA, despite it being created to deal with those difficulties.
Some people might be asking certain companies to stop collecting their personal data. But remember, companies have to listen to what the people have to say and explain the situation.
However, that doesn’t mean that they have to instantly complete each and every single one of their requests.
People may prevent companies from collecting their data. But, something like that doesn’t happen in an instant.
Companies also have to face their own challenges. The CCPA asks Californian companies to adapt to a lot of these rules. And, that also comes with its fair share of challenges.
Companies need to deal with every department getting used to the new rules set by the CCPA. Imagine how hard that is for CIOs and CISOs. They are the ones who have to keep data protected.
Yes, CIOs and CISOs do use BitLocker to encrypt data and BitTruster to manage it. But, they still have to get used to the changes caused by the CCPA.
Companies have to protect their own data and try their hardest to not have any data breaches happen.
So, with all of that in mind, it’s no wonder why the CCPA’s effectiveness is not 100% clear. But, businesses do comply with the rules set by it.
There’s the argument that they have to do that. But again, it’s not like no one is benefitting from this situation. Everyone is.
And, you can’t make an omelette without first breaking a few eggs. So, although the end results might not be 100% clear, they are most definitely on the positive side.
Since we’re on the topic of businesses complying with the CCPA rules, what would happen if they stopped doing that?
What Happens When Businesses Don’t Comply with the CCPA Rules?
So, what would happen if your business didn’t feel like it was necessary to comply with the rules that the CCPA set?
Well, something like that wouldn’t go unnoticed. The CCPA is crafted to help organizations be a lot more transparent with the data they collect.
If businesses suddenly decided to no longer be transparent with their customers, they would most likely get a fine.
These fines can include a ton of different cases. Here are some of them:
- A car company not notifying their customers accordingly. Meaning they didn’t really comply with the CCPA rules
- A clothing retailer that didn’t include the CCPA rights, information and how to exercise them.
- A mass media and entertainment conglomerate that didn’t give their customers a way to opt-out of the sale of their personal data.
- A pet adoption agency that illegally asked for notarized verification for CCPA requests.
- A social media company that collected and shared data without notifying their customers.
The rules that are set by the CCPA clearly state that if any business, service provider or individual violates them, they would have to be fined and suffer penalties.
What do these fines and penalties include? Let’s take a look:
Fines and Penalties
Every single organization that breaks the rules that the CCPA sets has to be held accountable. They might’ve done a series of things that have caused them to be fined.
These things include:
- Not listening to what the customer has to say in regard to their data
- Not informing the customer about the usage of their personal data
- Selling personal data without first giving their customer the right to opt-out
And, organizations that fail to follow the rules that the CCPA sets don’t just have to worry about fines. They also have to worry about what the customer decides to do.
That’s right! Customers can also be a big problem for businesses who don’t follow the rules set by the CCPA.
Why? Because they can sue your business for not complying with those rules.
The CCPA gives customers a lot of rights. One of which includes the right to sue for statutory damages with a rate of somewhere between $100 and $750.
And, what’s worse is that that doesn’t cover the overall customers and damages. You would have to pay that amount for every single client about every single damage.
Something like that can cause a lot of damage to a business. Some of that damage can be irreversible.
That’s why businesses have to be absolutely careful about following the rules that are set by the CCPA. And, don’t think that fines are always going to be the same for every time a business doesn’t follow the rules.
What Happens When a Business Fails to Comply More than Once?
If your business doesn’t comply with the rules that the CCPA has set a second time, they won’t face the exact same consequences.
Your fines would be a little worse this time around. You would have to pay a higher sum of money. And, you would have to hope that your customers don’t sue you.
The same would happen with a third or fourth fine. Your fines would grow bigger in size and your business smaller in name and credibility.
So, why not just avoid that kind of a loss? All you have to do is follow the rules. You’ll come out better in the end.
If keeping your business and your customer data safe is what you’re worried about, don’t be. All you need to do is use BitLocker and encrypt all of that data. BitTruster can help you manage it.
And then there would be nothing left to worry about. Why break the rules when you can come out better because of them?
And, you might not even have anything to worry about if your business is not within California. Here’s why:
Are Non-California Residents Affected?
Don’t think that you are not going to feel the effects of the CCPA just because you are on the East Coast, or some other part of the US.
But, why? Why would you worry about something that affects California residents and businesses? You don’t fall into any of those categories.
Well, the reasons why you still have to worry about the CCPA are actually a lot less complicated than you might think. Here’s why:
Why Do Non-Californians Still Have to Worry About the CCPA?
Some business owners like to think that just because their headquarters are not in California, they won’t be affected by the CCPA.
But, that could not be any farther from the truth. You don’t need to be within the state of California to be affected by the CCPA.
It also doesn’t matter if you are collecting data through an online website or some other way. As long as your business affects California residents, you’ll be affected by the CCPA.
As we touched on earlier, the CCPA might not affect companies that do business entirely outside of California. But, it’s also very rare for a company to do business around the US and not go to California. It is, after all, the most populous state in the country.
And, that’s just the people who own businesses. What about the other California and non-California residents?
Well, Californians would still be affected by the CCPA even if they decide to visit another state.
As for non-Californians, there are a ton of companies who do business online who are trying to give non-Californians the same rights as Californians. Meaning non-Californians would still be affected by the terms of the CCPA.
And, as we said earlier, this is likely due to the fact that companies don’t want customers to feel like they’re playing favourites. They want them all to feel that every single customer is being protected.
So in the end, non-Californians may not be as affected by the CCPA as actual Californians. But, that doesn’t mean that they don’t feel some of that effect.
The funny thing is that this type of question is one of the many similarities that the CCPA shares with the GDPR.
Oh, have we not told you about the GDPR yet? Let’s fix that.
CCPA vs GDPR: What Differentiates Them?
There are some people who believe that the key difference between the CCPA and the GDPR is that one deals with personal data while the other deals with personal information.
But, that statement doesn’t actually make a ton of sense. Why? Because information and data are pretty much the same thing.
Meaning that both the CCPA and the GDPR protect data / information that represents an identifiable person.
That’s pretty much the key similarity between the two. Now let’s get to the fun stuff. What differentiates them?
To know that, we first must talk about both the CCPA and the GDPR separately. Let’s start with the CCPA.
One thing you should definitely know about the CCPA is that it’s actually not as broad as the GDPR. It affects a much smaller community.
Now, we know that calling the entire state of California a “small community” might sound ridiculous. But, when you compare it to the amount of people and businesses that the GDPR affects, that statement will begin to make a lot more sense.
The CCPA affects Californians and Californian businesses. And, it also affects businesses that may only have a foot in California’s door, while the rest of their body does business elsewhere.
Every single business has to follow the rules that the CCPA set for them. That means that customers get to have a lot more rights than they previously did.
Now, customers get to know who is collecting their data, why they’re doing it, and whether they should stop. Customers even have the right to sue businesses for not complying with the CCPA rules if they want.
It might sound messy, but, as we explained earlier on this blog, it is actually a lot more beneficial than you may think.
So, that’s what the CCPA is. On the other side of the world, we have the GDPR and its ruleset.
Remember when we said that the CCPA is not as broad as the GDPR? The reason for that is that the GDPR covers all of the European Union (EU).
Although, one thing that the GDPR shares with the CCPA is the rights that they offer. These rights include:
- The right to be informed
- The right to access
- The right to portability
Under the GDPR, customers also have to be informed when their data is being collected. They have the right to ask who is collecting the data, why they’re doing it, and if they intend to share it with anyone.
Speaking of the consumers, something else that differentiates the two is who these laws apply to.
The CCPA calls them “consumers”. And, the GDPR calls them “data subjects”.
However, data subjects can and are seen as a much wider set. That makes the GDPR much broader in scope.
That shouldn’t come as a surprise considering that data subjects who have data processed inside the EU companies are the people who offer services or products to the EU.
We already mentioned earlier that the CCPA gives consumers certain rights.
The GDPR sees data subjects as someone “who is in the State for other than a temporary or transitory purpose” or someone “who is domiciled in the State who is outside the State for a temporary or transitory purpose.”
Lastly, there are also the CCPA and GDPR fines.
GDPR and CCPA Fines
If a company fails to follow the rules that either of these acts set for them, then they will get fined.
We have already talked about how fines and penalties work for the CCPA. But, what about the GDPR?
Well, the GDPR also has fines, just like the CCPA does. The pricing is different though. A GDPR fine can be as expensive as €20M, which is not at all a small amount of money.
And, just like the CCPA, the more you break the rules the more expensive fines will come your way.
Fines are a strike that no business needs. So why not avoid a massive headache and follow the rules?
Well, some people just don’t want to do that. Some of them would rather follow myths which they believe to be true than read actual facts.
What sort of myths? Here, we’ll tell you:
CCPA: Myths vs Reality
Existing Insurance Can Cover Penalties
You might think that your existing insurance will cover you if you don’t follow the rules that the CCPA set. After all, your company does have insurance for a reason, right?
Well, here’s the thing. These fines are not going to be cheap. And if you have a ton of customers, they are going to be even more expensive.
You really shouldn’t rely on insurance to fix this problem, cause it won’t.
What you should do is comply with the rules set by the CCPA, and sleep better at night knowing that your business and your reputation won’t go the Titanic route.
Companies Need to be Headquartered in California to be Affected by the CCPA
Don’t go thinking that the CCPA won’t touch you just because you’re not headquartered in California. It absolutely can.
There are, in fact, a ton of companies that are not headquartered in California. But, they are still affected by the CCPA.
Why? Because as long as you have business with California and its residents, as long as you collect their data, you are going to be affected by the CCPA.
I Can Comply Later
This law has been in effect since the beginning of 2020. So, you should be all set and ready by now.
You should hurry and comply with those rules. Because otherwise, you will get fined. And remember, something like that can ruin your business.
This is not something that you can avoid. It won’t go away. You have to be ready now so you don’t suffer later on.
Big Companies Are the Only Ones Affected by the CCPA
The CCPA doesn’t just apply to large companies. So, don’t go thinking you’re off the hook just because you own a very small business.
Every single business, big or small, needs to follow the rules that the CCPA sets. All a business needs to do or be in order to be affected by the CCPA is have:
- An annual gross revenue of over $25 million
- Buy, sell, receive, or share any personal information that belongs to 50,000 or more California residents. (This also applies to households, devices, and so on)
- Derive 50% or more of annual revenue from selling the personal information of California residents.
I Don’t Have to Worry About the CCPA Because I Don’t Keep My Clients’ Sensitive Data
The reason why there are a lot of people who actually believe this myth is due to them confusing the CCPA with the Health Insurance Portability and Accountability Act (HIPAA).
What is HIPAA? HIPAA protects patients’ health data. It covers:
- Healthcare providers
- Health plans
- Healthcare clearinghouses
- Business associates
All this data is kept protected. Someone is only allowed to use it without authorization due to:
- It being required by law
- Certain public health activities
- Someone being a victim of abuse, neglect, or domestic violence
- Health oversight activities
- Judicial and administrative proceedings
- Law enforcement
- Identification of the deceased
- Organ, eye, or tissue donation
- Research (in some cases)
- To prevent health threats
- Essential government functions
- Worker compensation
So, to reiterate, the HIPAA covers sensitive healthcare data. But, that’s not the only thing that the CCPA covers.
The CCPA covers personal data that can be used as a means to identify, relate to, or be associated with a California resident.
That basically means the CCPA affects a lot more than just sensitive data. It affects every single type of data that a company can collect from you.
What Comes Next?
Well, now you know what the CCPA is all about. So, what comes next? You can start by keeping your data safe and secure.
Don’t worry, this process is actually pretty easy. You already know that BitLocker can encrypt all your data. And, the management process is also not going to be hard. BitTruster will see to it that your experience is fast, convenient and helpful.
Now that you know everything about the CCPA and data security, it’s time to make your business a safe and engaging environment.