The California Consumer Privacy Act (CCPA) went into effect January 1, 2020, and is likely to have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect in 2018. Full enforcement of the CCPA by the attorney general (AG) begins in July, so there’s very little time for affected companies to complete their compliance initiatives.
CloudBlue was an early leader in compliance with GDPR, and we’ve remained out in front to ensure our customers are prepared for CCPA. Here’s a quick overview of who’s affected by CCPA, what’s required and the ways CloudBlue has your enterprise covered.
Who’s affected?
Companies don’t have to be based in California or have a physical presence there to be affected. They don’t even have to be based in the United States. The CCPA affects:
- Companies that serve California residents and have at least $25 million in annual revenue
- Companies of any size that have personal data on at least 50,000 people
- Companies that collect more than half of their revenue from the sale of personal data
What’s required?
Under CCPA, California residents have the right to:
- See all the information your company has saved on them, as well as a list of all the third parties you may have shared that data with
- Opt-out of such shares or sales of personal information
- Request deletion of their personal information
- Exercise their privacy rights without being discriminated against (price or service)
Fines for noncompliance can be steep. The private right of action in the CCPA is limited to data breaches. Under the private right of action, damages are between $100 and $750 per consumer, per incident. Also, the California AG can enforce the CCPA in its entirety with the ability to levy a civil penalty of not more than $2,500 per violation or $7,500 per intentional violation.
How do I comply?
In general, if you took the steps needed to comply with the GDPR, you’re most of the way there for the CCPA. In short, you’ll need to:
- Implement processes and procedures to authenticate and respond to consumer requests
- Offer at least two methods for consumers to make requests to exercise their rights, including a toll-free phone number and a web/email address
- Update disclosures in your privacy policies at least annually
How we have you covered
CloudBlue is fully GDPR compliant and extends the same protections to CCPA compliance. CloudBlue provides a broad set of functionalities that allow your data protection officer to enforce CCPA compliance—in particular, the ability to look up and erase personal data for given entity IDs across the platform, modules and services.
This is in addition to CloudBlue’s already expansive security protocol, including endpoint protection, vulnerability controls, perimeter security, and authentication and access controls.
Why it matters
While the CCPA covers California residents, dozens of other states are currently considering similar legislation and it’s widely expected the movement will culminate in a national privacy act. In addition, more than 80 countries have now adopted comprehensive data privacy laws.
CloudBlue is no stranger to the global digital economy—we’re currently powering more than 200 of the world’s largest service providers with 30 million cloud subscriptions. We make security our highest priority and provide our customers with the tools, platforms and programs to help them do the same.
To learn more about CloudBlue, please visit www.cloudblue.com.
Note: This article provides a brief overview of the legislation and its requirements and is not to be considered an exhaustive analysis. There are multiple online resources that provide detailed compliance information.
