Data protection and ensuring overall clients’ trust is at the core of Mintegral’s business principles. Accordingly, CCPA compliance is our top priority and we encourage you to read through the FAQs below.
- 1. What is CCPA?
- The California Consumer Privacy Act (CCPA) is the first comprehensive privacy law in United States. It was signed into law at the end of June 2018 and provides a variety of privacy rights to California consumers. Businesses regulated by the CCPA will have a number of obligations to those consumers, including disclosures, an “opt-out” for certain data transfers and an “opt-in” requirement for minors. The CCPA goes into effect on January 1, 2020.
- 2. Who does the CCPA affect?
- The CCPA applies to companies doing business in California, which annually satisfy one or more of the following: (1) have a gross revenue of more than $25 million, (2) derive 50% or more of its annual revenue from the sale of consumer personal information, or (3) buys, sells, or shares the personal information of more than 50,000 consumers.
- 3. What constitutes personal data under CCPA?
- Personal data is any information relating to an identified or identifiable person. There is no distinction between a person’s private, public, or work roles. The defined term “personal information” roughly lines up with “personal data” under GDPR. However, CCPA also includes family and household data.
- 4. Am I a data controller or a data processor?
- A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.
- 5. What are the main CCPA requirements for businesses?
The main CCPA requirements for businesses are:
- • Disclose collection. A business must disclose the categories and purposes of collecting personal information. When receiving a verifiable consumer request, they must also disclose the specific pieces of personal information they have collected.
- • Provide the right of deletion. A business must inform consumers of their right to request the deletion of their personal information the business has collected and comply with such a request.
- • Give consumers the opportunity to exercise their rights. For example, the business must provide two or more designated methods for consumers to submit requests. It must also include a “Do not sell my personal information” link on a prominent place of the website’s homepage.
- • Comply with consumer requests. A business must comply with a verified consumer request within 45 days. If the business can’t comply for some reason, it must inform the consumer.
- • Respect consumers’ rights under CCPA. This includes the right to access, the right to deletion, the right to data portability, the right to opt-in (for minors) and the right to opt-out.
- 6. How can Mintegral Partner prepare for CCPA enforcement?
Should you have further queries, please visit the website of the State of California Department of Justice at: https://oag.ca.gov/privacy/ccpa.