January 14th, 2020
With a new year comes a slate of new state and local laws, and 2020 is no different. However, few of these laws will have the wide-reaching implications of the California Consumer Privacy Act (CCPA). Signed into law in June 2018, CCPA went into effect on January 1, 2020. The overall intention of the law is to regulate data collection policies, and give consumers more control over how their data is used.
CCPA grants the following rights to California consumers:
Businesses subject to CCPA must do the following:
Companies can be subject to fines if they experience a data breach due to poor security practices. In addition, companies that are not compliant with CCPA could be subject to lawsuits directly from consumers or the Attorney General of California.
Any company that does business in California is subject to CCPA if they meet at least one of the following requirements:
This means that many SMBs and startups are likely subject to CCPA especially if they offer digital products and services. The fines as a result of data breaches ($100 - $750 per consumer, per event), could be particularly devastating to unprepared SMBs, as over 40 percent of cyberattacks are aimed at small businesses.
If your business is subject to CCPA you need to at least come into compliance with the basic requirements of the law:
One of the most important requirements of CCPA, although probably the least defined is the provision requiring businesses to “implement and maintain reasonable security measures and practices.” Each company will need to approach this requirement differently, but here are a few factors to keep in mind:
Working with an external security partner may make the process of becoming compliant with CCPA and other data security laws simpler. Electric works with small businesses and startups to achieve compliance with the growing number of regulatory frameworks.
This communication is distributed with the understanding that the author is not rendering legal or other professional advice on specific facts or circumstances and, accordingly, assumes no liability in connection with its use.