Sunday, January 24, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

The Final Countdown: The Final, Final Version of the CCPA (Until Next Year)

The Latest Iteration of the Legislation is Ready for the Governor’s Signature

by Russ Berland
October 1, 2019
in Data Privacy, Featured
hourglass with blue sand on laptop

Many suspected – and rightly so – that the California Consumer Protection Act was too messy to go forward as originally proposed, but now the changes are locked in. Russ Berland discusses the most recent amendments.

On January 1, 2020, a new privacy regime will commence in the U.S. The California Consumer Protection Act (CCPA), which has stricter standards than even the EU’s General Data Protection Regulation (GDPR), will go into effect and every business that deals with California consumers should be ready.

So, are we? According to privacy solution provider PossibleNow’s recent August survey, over half (56 percent) of companies to which the law will apply will not be ready. And as of PossibleNow’s July survey, only 8 percent of those companies reported being ready to comply with the CCPA at that time. Among the key reasons for anticipated noncompliance cited by survey participants were not knowing what the CCPA will require and how it will be enforced.

The initial drafting and passage of the CCPA last year was rushed and somewhat messy, and some ambiguities were left in the original statute. Privacy experts generally assumed that the law would be amended to clean it up, but the content of those changes has not been known until now. But now, the California legislature has passed six amendments which will alter the CCPA prior to its effective date. The California legislature finished its session on September 13 and cannot make any further changes until after the CCPA becomes effective on January 1.

So, assuming that the bills will all be signed by the governor, we now know the actual requirements of the CCPA on January 1. The California Attorney General is expected to issue regulations on the CCPA in the next month, but those regulations may not impact the law’s substance, which is set – for now.

On January 1, businesses need to be prepared for every California consumer to get five rights over their personal information, which have not generally been enjoyed elsewhere in the U.S. These are:

  1. The right to request disclosure of your business’ data collection and sales practices affecting that consumer, which include:
    • the categories of personal information you have collected about them;
    • the source of the information;
    • your use of the information; and
    • if their information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold.
  1. The right to request a copy of the specific personal information collected about them.
  2. The right to have that information deleted (subject to some exceptions).
  3. The right to request that their personal information not be sold to third parties, if applicable.
  4. The right not to be discriminated against because they exercised any of the new rights. However, now, under certain circumstances, a business may charge more to consumers who opt out of having their information used or sold.

With the new amendments, there are some changes and uncertainties from the original version of the CCPA that will be removed or clarified once the governor makes them official. These include:

  • A toll-free number is no longer required for a consumer to exercise their rights, but a business may provide an email address instead.
  • Employees do not get privacy rights under the CCPA to exercise against their employers – until that exemption sunsets on January 1, 2021.
  • Certain information about vehicle warranties or recalls is exempt from opt-out rights.
  • Personal information does not include information that is de-identified or aggregated from a population of consumers.
  • When a consumer attempts to exercise their rights, businesses now have the authority to “require authentication of the consumer that is reasonable in light of the nature of the personal information requested.”

The CCPA applies to any business that collects personal information from California consumers and has $25 million or more in revenue; derives over half of its revenue from buying, selling, receiving or sharing personal information of consumers; or collects the information of 50,000 or more California consumers. Consumers are defined as residents of California under the state tax code.

In order to comply with the CCPA, businesses should:

  • Update their privacy notices and policies now and annually for reflect CCPA requirements;
  • Add a “Do Not Sell my Data” button to their homepage;
  • Retrain their pertinent employees on the new compliance requirements of the CCPA;
  • Implement systems to comply with their new privacy notices and policies and to authenticate and follow-up on legitimate consumer requests under the CCPA; and
  • Audit their systems to ensure they can and do comply with their own privacy notices and policies and with the consumer rights provided by the CCPA.

For those 58 percent of companies that will not be ready for the CCPA, there is a potential $2,500 fine for every unintentional violation and $7,500 for every intentional violation. As an example, an unintentional violation affecting 10,000 California consumers could cost $25 million in fines, while an intentional violation could cost $75 million. The maximum fines are not capped and could be potentially much, much greater than those under the EU’s GDPR, which are capped at 4 percent of annual revenue.

The uncertainty about what the CCPA will require on January 1 is almost gone (depending on what the Governor of California does in the next few weeks). With this information, we have a good sense of what we need to do to comply with the CCPA and the possible fines we might face if we fail to do so. January 1 is less than four months away. Perhaps it is finally time to take action to prepare for the CCPA during this final, final countdown.

(Cue the 1986 song “The Final Countdown” song by the band Europe in fade.)


Tags: CCPA/California Consumer Privacy Act
Previous Post

Ransomware: Believe the Risk and Be Ready for It

Next Post

What’s Next for Compliance Enforcement?

Russ Berland

Russ Berland is a seasoned leader who creates value in an organization by leading high-performance teams in law, compliance and risk management. He works with innovative, multinational organizations and has achieved measurable and timely results in the areas of law, compliance, strategic planning, international business and risk management. As an engineer and former federal court law clerk, he achieves business objectives and solves problems via deep experience, innovation with sound judgment and effective and efficient management of people, resources and costs. Russ is Chief Compliance Officer of Aventiv Technologies in Dallas, Texas.

Related Posts

illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
silhouette of businesspeople in meeting with blue cyber background

Cyber Risk Quantification and Prioritization is the Future of GRC

January 20, 2021
miniature airplane on global currency

FinCEN’s Proposed Changes to the Recordkeeping and Travel Rule Thresholds

January 20, 2021
Next Post
What’s Next for Compliance Enforcement?

What’s Next for Compliance Enforcement?

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights