California Consumer Privacy Act (CCPA) 2020 Summary

As we continue to see the repercussions of brands not upholding regulations such as the General Data Protection Regulation (GDPR) and astronomical fines for bad data management, brands, now more than ever, should start taking privacy rules seriously. The California Consumer Privacy Act (CCPA) is just one more set of rules attempting to protect consumers’ data, and there will be more to come. With 2020 around the corner, we have compiled a list summarizing what you should know:

  1. The law was approved in mid 2018 and will go into effect on January 1st, 2020.

  2. July 1st, 2020 will be the date enforcement can begin.

  3. This law aims at protecting consumers data by:

    • Granting California residents access to their personal information and the ability to decide how this information is used

    • Granting consumers the right to request that their data be deleted

    • Granting the right to opt out of the sale of the consumer’s own data

  4. The law also gives businesses a new sense of accountability by:

    • Requiring businesses to have an online privacy notice describing the data they are collecting and how they are using this data

    • Requiring certain business to have a “do not sell my data” option available on the business homepage

    • Requiring training on how to manage consumers’ personal data 

  5. As opposed to the GDPR, the CCPA law has a broader definition of personal information, which includes:

    • The standard personal identifiers

    • Internet activity

    • Education information

    • Commercial information

  6. The law applies to most businesses that process personal information from California residents.

  7. This includes any business worldwide whether they directly or indirectly receive data from California residents.

  8. The law only applies to businesses that meet one of the following criteria:

    • Businesses that have a revenue exceeding $25 million per year

    • Businesses processing  personal information from 50,000 or more California residents

    • Businesses with 50% of revenue coming from California residents 

  9. To date, this will be the strictest privacy law in the United States

  10. Penalties could range from $2,500 - $7,500 per violation.

    • Companies have 30 days to comply with the law after receiving a written notice of a consumer’s concern.

As a marketing agency, it is our job to help brands maneuver in the ever-changing digital sphere. Although, most of the time, agencies do not necessarily deal directly with personally identifiable information, we do have a responsibility to protect consumer data and help brands adhere to the new data privacy regulations. Whether it is by safeguarding data that might contain PII in a comprehensive process, carefully vetting third-party vendors and their technologies, or identifying website updates that brands need to follow, it is our job as agencies to guide brands to resources that they can leverage as they prepare for follow through. 



Let’s talk.