California Consumer Privacy Act vs. GDPR
California’s recently passed privacy law, coming on the heels of similar regulations issued by the European Union, makes it imperative that businesses have clear policies and procedures for collecting, storing and using personal information.
The California Consumer Privacy Act (CCPA), passed in May 2018, is a far-reaching law that covers not only the data itself but also how businesses manage relationships with consumers and third parties. It is similar to, but more stringent than, the EU’s General Data Protection Regulation (GDPR), also enacted in 2018.
What Businesses Does the CCPA Affect?
The CCPA applies to any business or non-profit organization (or entity that controls or is controlled by such a business and shares branding) that meets one of the following criteria:
Exceeds $25 million in annual gross revenue
Has personal information on 50,000 or more consumers, devices or households
Earns more than half its annual revenue by selling personal information to a third party
How Is ‘Personal Information’ Defined?
The CCPA takes a broad approach to personal information, including some data that are not typically included in such definitions. Under the act, personal information includes:
Unique identifier, including cookies
Commercial information, such as property records
Internet activity, including browsing history, search history and interactions with websites, ads or applications
Professional and employment-related information
A provision also covers inferences that could be drawn from any of the other information to create consumer profiles. The law does not include publicly available information.
What Rights Do Consumers Have Under the CCPA?
Consumer rights under the CCPA include:
Data Access. Consumers can request the categories of information a company has collected, the categories of sources of that information and the specific information itself. Businesses also need to divulge the purpose of obtaining or selling personal information. Companies receiving a request must promptly deliver said information via email or mail free of charge. Businesses are required to share information no more than twice annually.
Deletion. If requested, businesses must delete any information the firm has collected and order its service providers to do the same. Data need not be removed in some instances, such as to complete a transaction, detect fraud or use for reasonable internal purposes.
Data Transactions. Businesses must reveal the categories of information sold to a third party and how those match up with the third parties’ information categories.
Opting Out. Consumers can opt out of the sale of their information to third parties. Businesses that sell information to third parties must notify consumers and provide them an opportunity to opt out. If a consumer is under 16, the business must receive affirmative consent (e.g., opting in) from the consumer or, if under 13, a parent or guardian.
Non-Discrimination. Businesses may not discriminate against a consumer who exercises these rights, including refusing to sell goods or services, charging different prices or delivering a different quality of products or services.
Does the CCPA Address Data Breaches?
In the event of a data breach, the CCPA provides consumers with a private right of action. That means consumers can pursue statutory damages and injunctive relief if data is accessed or stolen by an unauthorized party. It also allows consumers to take action if the business failed to maintain reasonable security measures.
What Other Obligations Do Businesses Have?
Businesses must post California-specific privacy rights on websites. Those sites must also disclose how consumers can request information and the categories of personal information collected or sold in the previous 12 months. There must also be a conspicuous link titled ‘Do Not Sell My Personal Information.’
Businesses must train employees on the act and consumers’ privacy rights.
How Is the CCPA Different from the GDPR?
The European Union adopted the General Data Protection Regulation, which applies to nearly all companies that collect private consumer data on EU citizens. It requires companies to comply with robust data security and management protocols.
While the compliance categories are nearly the same as those under the CCPA, the guidelines are not as well defined, and enforcement is weaker. Unlike the CCPA, the GDPR applies to small and large companies and will likely evolve over time.
What Should My Business Do to Address GDPR and CCPA?
What can your company do to comply with these acts? Here are a few tips:
Create an internal privacy team, responsible for developing and reviewing privacy policies and managing consumer requests.
Develop a consumer information policy and processes that include how data is collected, categorized, stored and accessed. Consider deleting private consumer data that is not needed for the business relationship.
Update your website with the required notices, links, and policies that are updated annually.
Evaluate data security, including security policies, backups, encryption and access.