What is CCPA Compliance?
If your for-profit business processes personal information of California residents, it will need to comply with the California Consumer Privacy Act (CCPA). In practical terms, this means that almost every large enterprise in the United States must comply with the CCPA.
The CCPA went into effect in 2020. To achieve compliance, businesses must uphold a long list of rights that the law guarantees to “consumers” (California residents) to control the use of their personal data.
One central pillar of CCPA compliance is that businesses must honor consumers’ requests to review their personal information held by the business, and must provide that information to the consumer. Since you must provide one year’s worth of data history, you should already have begun taking steps to comply.
Non-compliance with the CCPA can subject the business to regulatory and civil enforcement actions, which can lead to substantial monetary penalties. If a consumer can prove that the lack of “reasonable security procedures and practices appropriate to the nature of that information” caused the breach of their data, damages may include:
- $100 to $750 per consumer per piece of data compromised, or actual damages, whichever is greater
- Injunctive or declaratory relief
- Any other relief the court deems proper
In other words, if a business had 1,000 records stolen during a data breach, it might pay as much as $750,000 plus other damages.