What is CCPA Compliance?
If your for-profit business does business in California or with California residents, it will need to comply with the California Consumer Privacy Act (CCPA). In practical terms, this means that almost every large enterprise in the United States must comply with the CCPA.
The CCPA went into effect in 2020. To achieve compliance, businesses must uphold a long list of rights that the law guarantees to “consumers” (California residents) for controlling the use of their personal data.
One central pillar of CCPA compliance is that your business must honor consumers’ requests to review their information in your databases. Since you must provide one year’s worth of data history, you should already have begun taking steps to comply.
Non-compliance with the CCPA can result in serious consequences, ranging from monetary penalties to civil charges. If a consumer can prove that the lack of “reasonable security procedures and practices appropriate to the nature of that information” caused the breach of their data, damages may include:
- $100 to $750 per consumer per piece of data compromised, or actual damages, whichever is greater
- Injunctive or declaratory relief
- Any other relief the court deems proper
In other words, if a business had 1,000 records stolen during a data breach, it might pay as much as $750,000 plus other damages.