
What Are The Penalties for CCPA Non-Compliance?


Companies that don’t comply with the California Consumer Privacy Act (“CCPA”) put themselves at risk of significant financial penalties. The cost of compliance pales in comparison to the potential penalties, which are enforced by the California Attorney General’s office.

What is the California Consumer Privacy Act (CCPA)?

The CCPA is a state statute that enhances privacy rights and consumer protections for residents of California. The CCPA applies to any company doing business in California, including any for-profit entity that collects consumers’ personal data and satisfies at least one of the following thresholds:

  1. Has annual gross revenues in excess of $25 million;
  2. Buys, receives, or sells the personal information of 50,000 or more consumers or households;
  3. Earns more than half of its annual revenue from selling consumers’ personal information.

Organizations subject to the CCPA are required to “implement and maintain reasonable security procedures and practices” in protecting consumer data.

The intentions of the CCPA are to provide California residents with the right to:


  1. Know what personal information is being collected about them;
  2. Know if and to whom their personal data is sold;
  3. Prevent the sale of personal data;
  4. Access their personal data;
  5. Request that a company delete their personal information; and
  6. Not be discriminated against for exercising their privacy rights.


CCPA Fines & Penalties for Non-Compliance

The California Attorney General is responsible for enforcement of the CCPA. While enforcement of the CCPA cannot begin until July 1, 2020, any actions taken by companies from January 1 to July 1, 2020 in violation of the CCPA may be enforced after the July 1 date, so companies are best served by being in compliance now!

Civil penalties imposed by the Attorney General can range from $2,500 for an unintentional violation to $7,500 for an intentional violation per instance. A company may not be liable for these penalties if it cures any noncompliance “within 30 days after being notified of alleged noncompliance” (although some types of noncompliance – or a data breach – may not be capable of “cure”).

A unique aspect of the CCPA is that it contains a private right of action that consumers can bring under certain circumstances if a business experiences a data breach. This means that if your company violates the CCPA, individual consumers can file a claim against your company for damages. Importantly, the exemptions in the CCPA for personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), employee/applicant personal information or personal information collected by business to business transactions and interactions do not exempt the covered business from the CCPA private right of action for data breaches.

How can Clym help with CCPA compliance?

Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:

  • All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
  • Seamless integration into your website;
  • Adaptability to your users’ location and applicable regulation;
  • Customizable branding;
  • ReadyCompliance: Covering 30+ data privacy regulations;
  • Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.

See Clym in action for yourself by booking a demo or reaching out to us to discuss your specific needs today.