California Consumer Protection Act (CCPA)
Preparing for the California Consumer Protection Act (CCPA)
At Visier, protecting our customers’ data is our highest priority. We take our data protection obligations seriously and are committed to continually enhancing our efforts towards meeting privacy and security best practices and demonstrating ongoing compliance with global data protection laws and regulations. This includes taking the necessary actions to comply with the California Consumer Protection Act (CCPA).
About the California Consumer Protection Act
The California Consumer Protection Act (CCPA) was enacted in 2018 and takes effect on January 1, 2020. Proposed regulations to help operationalize the CCPA were introduced on October 10, 2019. CCPA is the first comprehensive privacy law in the United States and applies to companies that collect personal information about California consumers and that meet at least one of the following thresholds:
- Gross annual revenues of $25 million or more;
- Derive 50% or more of their annual revenue from selling consumer personal information;
- Buy, sell or share the personal information of 50,000 or more consumers, households or devices for commercial purposes.
Covered businesses that collect, transfer and sell personal information must:
- Be transparent about their data handling practices through privacy notices before, or at the point of data collection;
- Support consumer rights to access, deletion and portability;
- Allow consumers to opt out of the “sale” of their personal information; and
- Ensure that consumers are not discriminated against for exercising their rights under the CCPA.
The CCPA is broad in scope and covers new types of data including IP addresses, usage, geolocation data, and internet browsing activities. Aggregate consumer data and de-identified information is excluded from the CCPA provided that the data cannot be re-identified. There is a one year moratorium on certain CCPA requirements relating to employees, job applicants, contractors and agents but still requires employers to comply with the privacy notice obligation and reasonable security provision. California is expected to introduce an employee data protection law in 2020.
The California Attorney General will enforce the CCPA beginning July 1, 2020. Consumers will also have a private right of action in the event of a data breach if companies fail to adequately protect their personal information under the requirements of the CCPA.
What is Visier doing to prepare for the CCPA?
Visier has actively monitored CCPA developments and the recently proposed regulations. We are assessing impacts across the business and taking actions to address the applicable requirements. We are leveraging our General Data Protection Regulation (GDPR) compliance efforts to help meet the CCPA requirements, recognizing that there are some new and different obligations. We will continue to monitor CCPA changes, forthcoming guidance, and adjust our action plans accordingly.