California Consumer Protection Act (CCPA)

Visier is committed to enhancing trust by complying with applicable data protection laws and regulations including the California Consumer Protection Act (CCPA).

Complying with the California Consumer Protection Act (CCPA)

At Visier, protecting our customers’ data is our highest priority. We take our data protection obligations seriously and are committed to continually enhancing our efforts towards meeting privacy and security best practices and demonstrating ongoing compliance with global data protection laws and regulations. This includes monitoring emerging regulations and taking the necessary actions to comply with the California Consumer Protection Act (CCPA). For more information see Visier’s CCPA Privacy Notice. We encourage our customers to seek counsel on how the CCPA may affect their business.

About the California Consumer Protection Act

The California Consumer Protection Act (CCPA) was enacted in 2018 and took  effect on January 1, 2020. The Proposed regulations to help operationalize the CCPA were introduced on October 10, 2019. CCPA is the first comprehensive privacy law in the United States and applies to companies that collect personal information about California consumers and that meet at least one of the following thresholds:

  • Gross annual revenues of $25 million or more;
  • Derive 50% or more of their annual revenue from selling consumer personal information;
  • Buy, sell or share the personal information of 50,000 or more consumers, households or devices for commercial purposes.

Covered businesses that collect, transfer and sell personal information must:

  • Be transparent about their data handling practices through privacy notices before, or at the point of data collection;
  • Support consumer rights to access, deletion and portability;
  • Allow consumers to opt out of the “sale” of their personal information; and
  • Ensure that consumers are not discriminated against for exercising their rights under the CCPA.

The CCPA is broad in scope and covers new types of data including IP addresses, usage, geolocation data, and internet browsing activities. Aggregate consumer data and de-identified information is excluded from the CCPA provided that the data cannot be re-identified. There is a one year moratorium on certain CCPA requirements relating to employees, job applicants, contractors and agents but still requires employers to comply with the privacy notice obligation and reasonable security provision.

The California Attorney General began enforcement of the CCPA on July 1, 2020. Consumers also have a private right of action in the event of a data breach if companies fail to adequately protect their personal information under the requirements of the CCPA.