CCPA Enforcement Begins

One thing the pandemic hasn't affected is the beginning of the enforcement of the California Consumer Privacy Act (CCPA), which went into effect July 1, despite requests from some business groups to delay it because of the coronavirus. This now means companies that violate CCPA’s personal privacy protection requirements are subject to direct action from the California Attorney General.
 
CCPA is a California statute that grants California consumers robust data privacy rights and control over their personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that businesses collect, as well as additional protections for minors. Its compliance requirements, however, stretch beyond the Golden State’s borders. Just like the European Union’s General Data Protection Regulation (GDPR), businesses don't need to be physically located in the actual jurisdictional geographic area to be covered by the law. Businesses everywhere that meet certain criteria have CCPA responsibilities if collecting personal data from California residents — even if it is only the IP addresses of website visitors for Google Analytics.
 
The law has been in effect since January 1, 2020. Up until the beginning of July, legal action has been limited to civil lawsuits launched by consumers against offenders. But with enforcement starting, businesses, including any for-profit entity, must ramp up their accountability or be subject to fines as much as $2,500 per incident for incidental violations, and $7,500 per incident for intentional violations.
 
Our Take. Government mandated security and privacy requirements for companies and their websites are nothing new. For years, Trivera has helped clients comply with banking regulations, credit card security (PCI-DSS), health care privacy (HIPAA), and of course, data privacy (GDPR) standards. CCPA is just the latest. But what digital marketers need to realize now is that CCPA is indicative of what’s to come. CCPA might not affect your business today but new iterations with stringent data protection standards might. With the passage of CCPA, the heat is on for local lawmakers to introduce more consumer-focused privacy laws. The days of casually collecting and keeping personal data are over for marketers. Therefore, we’re taking CCPA as a signal. We think a wave of new privacy protection laws is about to sweep over the nation and state-specific regulations are coming. We also think this is an opportunity. 

The writing is on the wall; more rigid data privacy legislation is on its way. So, get ready for it. Don’t view these measures as mandatory burdens, but as a chance to build trust with customers. Audit and update your privacy policies, put protocols in place to respond to consumer deletion requests and define ways to handle opt-in waivers. Start being transparent about the data being collected, about how it’s being used and stored. 

The fine print. By the way, we are digital marketing consultants, website developers and designers, SEO experts, email specialists, PPC and HubSpot-trained technicians and Google-certified businesspeople. We aren’t lawyers. Reader of this blog post should contact their own attorneys for advice on privacy matters. It’s extremely important to research the rules and regulations of data protection in your location. Make sure you know the rules. We’ll make sure you follow them.
 

About Tom Snyder

Tom Snyder, founder, president and CEO of Trivera, a 24 year old strategic digital marketing firm, with offices in suburban Milwaukee.  Tom has been blogging since 1998, sharing the insight gained from helping businesses and organizations reinforce their brands by taking full advantage of digital and Web technology as powerful tactics in their marketing and communications strategy.

Photo Credit: Adobe Stock

Share this article