By: Eyeota
CCPA will come into force on January 1, 2020 so how will this affect you? Increase your knowledge and understanding of the key points of this new legislation by checking out our short guide to CCPA.
CCPA Key Highlights
In Scope
CCPA applies to businesses that operate in California and cross the following revenue or collection thresholds:
• Annual gross revenues over $25M
• Annually buys, receives, sells, or shares personal information of over 50,000 California consumers, households,
or devices
• Derives at least 50% of annual revenue from selling California consumers’ personal information
Personal Information
The definition of personal information includes data that can be linked directly or indirectly to a consumer or
household.
Access & Deletion Rights
Consumer-given right to disclosure, deletion, access, opt-out and non-discrimination. CCPA defines data
processing as any operation or set of operations which is performed on personal data or on sets of personal
data, regardless of automated means. Consumers in California will be able to know the “who, what and why”
around their personal information.
Deletion
Consumers have the right to delete data that a business has collected from them.
Opt-Out
Consumers can opt out of the sale of their data by directing a company to not sell their personal information. Opt-out must last one year.
Response Times
Companies have 45 days to respond to consumer data requests.
Fines
Organizations can be fined up to $7,500 per intentional violation in the event of a data breach. Requires businesses and others to report data breaches to consumers and individuals.
Age Requirements
CCPA raises Children’s Online Privacy Protection Rule (COPPA) age requirement from 13 to 16 years old.
Description of Key Terms
Access: The user’s right to “see” information that companies have compiled about them
Choice: The user’s right to make decisions about how companies may use their information
Do Not Sell My Data Button: A mechanism that enables users to exercise choice regarding all personal information compiled by a company
Personal Information (as defined under the CCPA): Telephone number, email address, postal code, cookie ID, mobile ad ID, IP address and other inferences used to create a profile about a consumer reflecting the consumer’s preferences, behavior, attitude and abilities
Three Types of Entities Under CCPA
• Business – Entity that “collects” personal information
• Service Provider – An agent of the business that uses data only as directed by the business
• Third Party – Uses data for its own purposes
Source: PWC
Download a copy of the Eyeota CCPA Highlights Summary here:
If you have any questions about Eyeota's response to CCPA, contact privacy@eyeota.com.
We see that you have the Global Privacy Control enabled in your browser. We have turned off all but "Required" cookies which are necessary to enable the basic features of this site to function. If you wish to further exercise any applicable data subject rights (DSR) please complete the form available at Your Privacy Choices. For further information on how Dun & Bradstreet uses your personal information, please see our Cookie Policy.
