When Does The CCPA Take Effect?
The California Consumer Privacy Act of 2018 (CCPA) has somewhat of a misleading name. The date, 2018, actually refers to when the law passed legislation. Not when it becomes effective. Needless to say, it’s leaving a lot of businesses asking, “When does the CCPA take effect?”
Here’s the deal:
Beginning January 1st, 2020, the CCPA officially goes into effect. That means, if you haven’t already taken the proper steps to become CCPA compliant, you are running out of time! But, before you start to panic, let’s learn a little more about the CCPA, including the “grace period” you have to become compliant.
The CCPA Takes Effect On January 1st, 2020, But…
With the CCPA taking effect on January 1st, 2020, many business owners are scrambling to bring their websites into compliance. Although, business owners should be aware that there is a six month period following January 1st which they have to fulfill CCPA requirements.
In fact, the CCPA explicitly states:
“The Attorney General shall not bring an enforcement action under this title until six months after the publication of the final regulations issued pursuant to this section or July 1, 2020, whichever is sooner.”California Consumer Privacy Act
So, while the CCPA technically takes effect on January 1st, 2020, you will have until July 1st, 2020 before you are at risk of penalties.
That’s good news if need more time to become compliant. While six additional months may sound like plenty, don’t be tempted to put off becoming compliant. As technical as the bill is, the process of becoming compliant can be lengthy. You might think you have plenty of time, but it goes by fast!
Staying On Top Of The Legislation After The CCPA Takes Effect
As with any piece of legislation, the CCPA is subject to amendments. So, once you’ve become CCPA compliant, you’ll still need to stay alert and monitor the legislation for any future changes to the law.
In other words, once the effective date, as well as the “grace period” has passed, you could still be at risk of being non-compliant should an amendment be made which you were not aware of and that made your website non-compliant.
Be On The Lookout For Similar Legislation Coming From Other US States
In all likelihood, California is blazing the trail for more US states to pass their own versions of the CCPA. Presently, nine different states are working on similar legislation, with additional states expected to join the consumer privacy rights movement as well.
Fortunately, being CCPA compliant will also likely reduce the workload in the event additional states pass similar consumer privacy standards.
A Brief Introduction To The California Consumer Privacy Act of 2018
By now, you likely already know the gist of the CCPA. If not, we suggest reading the following articles:
We’ll cover some of what these two resources include here in this article. But if you would like to take a more comprehensive look into the subject, they are excellent, in-depth supplements to your CCPA compliance research.
The CCPA is a piece of legislation passed in the state of California that sets specific standards and requirements for any business collecting personal data of California residents. It established and grants all California residents certain rights when it comes to how companies collect, store, and use consumer data.
At the time of writing this article, the massive CCPA bill is the strictest set of data privacy regulations in the entire United States. There are also presently 9 additional states working on passing similar legislation of their own.
The CCPA is quite similar to the General Data Protection Regulation (GDPR)—the European legislation that protects consumer data privacy. And, although it is similar in concept to the GDPR, there are certain differences. That means, if you’re already GDPR compliant, don’t think you will be automatically CCPR compliant.
Who Needs To Be CCPA Compliant?
Don’t think that your business doesn’t need to be CCPA compliant just because you are not based in California. Regardless of whether a business is located in the Golden State or not, if they are collecting personal information from California residents then they may still be required to comply with the legislation.
What is a “California resident according to the CCPA? “The term “resident,” as defined in the law, includes (1) every individual who is in the State for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State who is outside the State for a temporary or transitory purpose. All other individuals are nonresidents.”Section 17014 of Title 18 of the California Code of Regulations a California
These are the determining factors used when understanding which business will need to follow CCPA requirements. As previously mentioned, the first qualifier is whether or not your company collects personal data from California residents. But, that doesn’t automatically mean they must be CCPA compliant. The business, as well as its parent company and subsidiaries, should also meet one or more of the following thresholds:
- Makes a gross annual revenue of $25MM or more
- Acquires personal information form 50,000 or more California residents, households, or devices each year
- Fifty percent or more of the annual revenue comes from selling personal information on California residents (these businesses often referred to as data brokers)
Again, your company only needs to meet one of the above thresholds to fall into the must-be-CCPA-compliant category.
What is “personal data” according to the CCPA? The California Consumer Privacy Act defines personal data as: …information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.”
If that sounds a little vague, you can read the entire comprehensive list of what “Personal data” all entails in this blog post. At the most fundamental level, personal data can be real names or aliases, postal and email addresses, unique personal identifiers, online identifiers, Internet Protocol addresses, account name, social security number, driver’s license number, passport number, and many other similar identifiers.
What Your Website Needs Before The CCPA Takes Effect
FURTHER READING: How To Prepare To Be CCPA Compliant
Now, that advice aside, it never hurts to be informed about topics that affect your business as much as the CCPA does. So, let’s go over a few more of the must-knows. Although not a comprehensive look at the massive bill, the following should give you a fundamental understanding of CCPA compliance.
One of the biggest aspects of any CCPA compliance project is reviewing and revising privacy policies. We suggest starting here because it provides an explicit breakdown of your current privacy protocol. You will be able to work through the policy and pick out then change the parts that need to be changed to become compliant.
Educate Consumers About Their Rights
You must also give them a way to opt-out of providing their personal information.
Make Your Policy As Clear As Possible
Yes, You Can Be Fined For CCPA Non-Compliance
A simple oversight could end up costing you a pretty penny in fines and court fees should you be found in violation of the CCPA. Depending on the type of violation—unintentional or intentional—businesses found to be violating any part of the California Consumer Privacy Act can face fines.
A civil penalty of up to $2,500 can be made for each violation of the CCPA. That maximum fee jumps quite a bit if the violation was found to be intentional. In that case, businesses will face up to a $7500 fine per violation.
In addition to the civil penalties above, a consumer can bring forth a civil action that could cost businesses $100 to $750, or actual damages, per incident should your company be in violation of the CCPA.
Paying civil penalty and civil action costs adds up quickly given each is collected on a per-incident basis. That’s why it pays to get your site compliant before the CCPA takes effect.
Work With A Reputable Web Design Agency
If your website still isn’t CCPA compliant, it’s time to call in the professionals. If you need a hand bringing your website into CCPA compliance, contact one of our experts—we are here to help.