CCPA is Coming! Be prepared.

Are you ready for upcoming data privacy regulations? Assess your risks and how you can tackle them today.

We have identified five key requirements you need to know about in the California Consumer Privacy Act. Be sure to seek legal counsel, and be aware that violations carry penalty thresholds that may expose large California-based businesses to substantial risk.

Organizations with existing privacy capabilities, such as those developed for General Data Protection Regulation (GDPR) compliance, and those without any previous preparation may both need the entire grace period before the deadline to deploy the necessary capabilities.

Companies that employ or serve California residents may find these five CCPA requirements have the biggest impact on their business:

  1. Data inventory and mapping of in-scope personal data and instances of “selling” data
  2. New individual rights to data access and erasure
  3. New individual right to opt-out of data selling
  4. Updating service-level agreements with third-party data processors
  5. Remediation of information security gaps and system vulnerabilities

GDPR vs. CCPA

In many ways the CCPA is the “American” version of GDPR, as it requires organizations to focus on user data and be transparent about how they collect, share and use such data. In our research we have found that certain aspects of GDPR overlap with CCPA, but several policies, processes and systems will still need updating to address the differences between the two laws.

Comparison Chart: What You Need to Know

| Topic | GDPR | CCPA |
|---|---|---|
| Scope | EU personal data processed | California residents’ personal data collected (narrower) |
| Right to access | Right to access all EU personal data processed | Right to access California personal data collected in the last 12 months, delineated between sold and transferred (narrower) |
| Right to portability | Must export and import certain EU personal data in a user-friendly format | All access requests must be exported in a user-friendly format, but there is no import requirement (narrower) |
| Right to correction | Right to correct errors in EU personal data processed | Not included in CCPA |
| Right to stop processing | Right to withdraw consent or otherwise stop processing of EU personal data | Right to opt-out of selling personal data only; must include opt-out link on website |
| Right to stop automated decision making | Right to require a human to make decisions that have a legal effect | Not included in CCPA |
| Right to stop third-party transfer | Right to withdraw consent for data transfers involving second purposes of special categories of data | Right to opt-out of selling personal data to third parties |
| Right to erasure | Right to erase EU personal data, under certain conditions | Right to erase personal data collected, under certain conditions |
| Right to equal services and price | At most, implicitly required | Explicitly required |
| Private right of action damages | No floor or ceiling | Floor of $100 and ceiling of $750 per consumer per incident |
| Regulator enforcement penalties | Ceiling of 4% of global annual revenues | No ceiling – $7,500 per violation |

Data Covered Under CCPA

CCPA is about the control, protection, and insight of personal data. In other words, the consumer must be aware—at the point of data collection—that information is being collected, informed as to how the data will be used and then given the option to opt-out from sharing or selling that personal data.

CCPA defines “personal information” as:

  • Name
  • Address
  • Personal identifiers
  • IP address
  • Email address
  • Social security number
  • Driver’s license number
  • Passport number and similar identifiers

Additionally, there are restrictions on collecting data pertaining to class information, personal property, products and services purchased, purchasing history, browsing history, geodata, biometric data, profiling, employment and education-related data. In short, if data can be tied back to a person or identifies an individual, it is considered “personal data” and is protected by CCPA.

Note that personal information does not include publicly available information from state, federal or local governments; the caution here is how you intend to use that data and whether that purpose is compatible with the other criteria of CCPA.

Need to assess if you have the right programs, systems, and processes in place to ensure CCPA (or GDPR) compliance? Contact us to determine how you can minimize your risk before it’s too late!

Sources:

https://www.irmi.com/articles/expert-commentary/a-summary-of-ccpa-of-2018

https://oag.ca.gov/privacy/ccpa

https://www.caprivacy.org/
