The California Consumer Privacy Act (CCPA) is the first U.S. regulation to follow in the footsteps of the EU’s General Data Privacy Regulation (GDPR). The CCPA was signed into law June 2018; however, the requirements of the CCPA are effective as of January 1, 2019. Ultimately, the goal of this regulation is to protect the personal information of California residents and give those residents more control over their data.
Much like the GDPR, the California Consumer Privacy Act not only affects businesses operating within the state of California, but all businesses that process the personal information of California residents. Personal information maintains a wide definition under this law, including Social Security numbers, drivers’ license numbers, and “unique personal identifiers” such as device identifiers and other online tracking technologies.
Unlike the GDPR, which applies to all businesses processing resident data, the CCPA has specific thresholds organizations must meet in order for the law to apply, such as annual gross revenue of over $25 million.
Businesses that do not comply with the CCPA are subject to penalties of up to $2,500 per violation and $7,500 per intentional violation. These numbers can be exceeded, as the California Consumer Privacy Act provides residents who are impacted by a breach the option to bring a lawsuit against the business and recover up to $750 per incident.