Happy New Year! Are you CCPA compliant?

Header Image
stylized neon circuit board with lock icon

Updated information as of January 2023: 

The Rules Have Changed - Consumer Privacy in 2023

CCPA & CPRA- A consumer Privacy Primer

January 1, 2020 was the deadline for multimillion-dollar, global companies conducting online business in California to adhere to the California Consumer Privacy Act (CCPA). Due to its similarity to EU’s General Data Protection Regulation act (GDPR,) it has been affectionately termed “America’s GDPR,” and it puts companies at risk of fines/penalties ranging from $100 to $7,500 per violation.

large table comparing GDPR and CCPA

(c) 2019 Courtesy of PwC 

With concern on the rise over data breaches and sellers of personal data hitting record highs in 2019, California is the first state to act on the heels of GDPR to bring an extra layer of privacy protection to its residents data with a potential cost to corporations of approximately $467 million, according to the California Dept. of Justice CCPA fact sheet

According to the fact sheet, businesses that are targeted by this law will have at least one of the requirements below:

  • Having gross annual revenues of $25 million or more
  • Buys, receives, or sells the personal information of 50,000 or more consumers, households, OR
  • Derives 50 percent or more of annual revenues from selling consumers’ personal information

Pew Research recently conducted a survey to discover how “American’s think about their privacy and the vulnerability of their data,” and they found that seven-in-ten Americans “feel their personal information is less secure than it was five years ago.” There is a general consensus that many more states will follow California’s lead and many companies are getting prepared for this. 

 What You Should Know

Here at Marker Seven, we have been helping our clients to implement changes to their privacy policies and cookie scripts this past December in preparation for the deadline at their request and per the advice of their counsel. Even though these companies were already GDPR compliant, there were enough differences forcing additional changes to their company policies. 

The PwC Network has put out together a brief CCPA “Readiness Roadmap” to help guide companies and give them a basic understanding of the key similarities and differences between the two sets of regulations. 

We have included some additional links below that can guide you during this process, but you can also contact us for more information.

Additional Resources: