Skip to Content

Pivoting for privacy

Spencer Lentz

Back on January 1, 2020, the California Consumer Privacy Act (CCPA) transformed online privacy as we know it. The newly adopted laws have a long runway – organizations have 24 months from adoption until penalties can be levied – but businesses that are taking a wait-and-see approach may be putting themselves in the back of the pack.

So, what exactly is the CCPA?

The CCPA is a comprehensive privacy law that streamlines data-protection requirements across the state of California and addresses the export of personal data. The new policy is very similar to the EU’s General Data Protection Regulation (GDPR) that went into effect last spring.

Like the GDPR, the CCPA aims to give consumers more control over their personal data while simplifying the regulatory environment for businesses operating within the state of California. The law is expected to have a profound impact on the way businesses collect and protect personally identifiable information (PII) from consumers, with ramifications that likely will spread far beyond the borders of the Golden State.

In sum, the law creates new rights for California residents regarding access, deletion, and sharing of their PII. Here are some specific answers to some common CCPA questions:

  1. What data is covered by the law?
    The statute covers any data at all that can identify you as an individual. This includes names, addresses, phone numbers, email, etc.
  2. Who does the law cover?
    While the CCPA applies to California residents, it is also extended to prospective customers, employees, and even vendors and suppliers who operate in the state.
  3. Which businesses must comply with the law?
    Beyond just businesses in California, the law applies to any organization that does business with any individual protected by the CCPA. In reality, this means that the CCPA will have a far-reaching impact throughout the US, North America, and the world.

Why compliance is a value driver

Organizations have a long time to get ready for CCPA compliance – 24 months. While two years seems like a lot of time to prepare infrastructure, processes, and people, it is actually an extremely tight deadline.

Financially, non-compliance penalties can be severe: $2,500 per unintended violation and $7,500 per intended violation. These fines pale in comparison to the punishment levied by the GDPR, but, in a situation where an organization is committing multiple infractions, this can add up quickly.

Worse still, however, is the erosion of customer trust that would come from a violation. Trust and loyalty are the most valuable capital an organization can hold and losing these can be catastrophic. People are very defensive when it comes to their information, and it would behoove companies to prepare for CCPA compliance as early as possible to maximize this trust.

What should you do?

So, whether you have started preparing for CCPA or not, what is your next move? Luckily, I was able to share my thoughts on the matter with eCommerce Times.

Make sure to check out my CCPA prep list, and please reach out with any questions.