With the California Consumer Privacy Act (CCPA) fully in force as of July 1, it is now more important than ever for small businesses to ensure that they are fully aware of their responsibilities and the steps they need to take to stay compliant.
The law, which grants California consumers data privacy rights, isn’t just for Californians. Any business that has an annual revenue of more than $25 million, that buys, sells or receives personal information of more than 50,000 people, or that earns half its revenue from selling customer data that includes California consumers will need to comply or else be subject to fines.
While this means the family-run hardware store is likely in the clear, high-growth small businesses will need to take action. By taking privacy-minded steps to become CCPA compliant, small businesses are likely to be less desirable to hackers.
We sat down with Logan Kipp, Director of Sales Engineering at SiteLock, to discuss his insights. Logan is responsible for building and overseeing a team of Sales Engineers responsible for the technical integration of SiteLock’s channel partners from the pre-contract stage through continued support post-integration. Prior to SiteLock, Logan was a Cybersecurity Content Writer at InfoSec Island and a Consultant at GoDaddy.
1. What are these small businesses responsible for now that enforcement has begun?
The California Consumer Privacy Act, or CCPA, encourages transparency in businesses and requires these companies to report data breaches to consumers with the aim of better protecting these consumers and their personal information. This law applies to any business worldwide that receives personal details and data from any California residents either directly or indirectly. The law also applies to businesses that meet at least one of the following additional criteria:
Make an annual revenue of more than $25 million (USD) in total (not just in CA)
Receive personal data from at least 50,000 California residents’ consumers, devices, or households per year, and lastly
Obtain 50% more of its annual revenue from the sale of personal information about California residents.
Now that enforcement has begun, these businesses will be held accountable if they fail to follow the CCPA and report breaches. They can be fined up to $2,500 per negligent violation or up to $7,000 per intentional violation.
2. What steps can small businesses take to ensure that they comply with CCPA?
Due to the CCPA parameters, small family-run stores are likely in the clear, but high-growth small businesses will need to take action to become CCPA compliant. To ensure they comply, these businesses should prepare to enhance their privacy protections and update their privacy policies. Organizations must also implement reasonable security measures in order to protect their consumers’ personal information. And, to ensure that no missteps are made, training employees on CCPA compliance is key.
3. What advice would you give to companies that have yet to prepare for the new legislation?
If that is not enough of an incentive, businesses need to be aware that the CCPA allows consumers to take better control of their data and control whether companies can utilize or sell it. If a consumer finds that an organization does not comply, and has proof that their information was taken or accessed, they can sue the company for its failure to maintain reasonable security procedures. With non-compliance posing such a large financial risk, companies that are not prepared need to act quickly before it’s too late. Walmart, Houseparty and ZoomInfo realized these consequences and have already been sued for their failure to comply with the CCPA.