Companies who don’t comply with the California Consumer Privacy Act (“CCPA”) put themselves at risk for significant financial penalties. The cost of compliance pales in comparison to the potential penalties, which are enforced by the California Attorney General’s office.
The CCPA is a state statute that enhances privacy rights and consumer protections for residents of California. The CCPA applies to any company doing business in California, including any for-profit entity that collects consumers’ personal data and satisfies at least one of the following thresholds:
The intentions of the CCPA are to provide California residents with the right to:
The California Attorney General is responsible for enforcement of the CCPA. While enforcement of the CCPA cannot begin until July 1, 2020, any actions taken by companies from January 1 to July 1, 2020 in violation of the CCPA may be enforced after the July 1 date, so companies are best served by being in compliance now!
Civil penalties imposed by the Attorney General can range from $2,500 for an unintentional violation to $7,500 for an intentional violation per instance. A company may not be not liable for these penalties if it cures any noncompliance “within 30 days after being notified of alleged noncompliance” (although some types of noncompliance – or a data breach – may not be capable of “cure”).
A unique aspect of the CCPA is that it contains a private right of action that consumers can bring under certain circumstances if a business experiences a data breach. This means that if your company violates the CCPA, individual consumers can file a claim against your company for damages. Importantly, the exemptions in the CCPA for personal information collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Driver’s Privacy Protection Act (DPPA), employee/applicant personal information or personal information collected by business to business transactions and interactions do not exempt the covered business from the CCPA private right of action for data breaches.
Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:
You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.