As you already know, the CCPA is California’s response to privacy laws from close neighbors such as Ohio and Massachusetts, and from distant acquaintances such as the European Union’s GDPR. In the main, the law sets down rules on the disclosures that organizations can and can’t make, including the discontinuance of the sale of California residents’ personally identifiable information (PII). It also gives California residents a collection of brand-new privacy rights. What’s more, the law is now in force, and everyone is scrambling to ensure they are in compliance.
The CCPA’s regulatory compliance requirements help guarantee the effectiveness of the statute. Before moving on to these requirements and their penalties, let’s look at the criteria that determine which corporate entities the CCPA binds. A business bound by the CCPA must meet at least one of the following criteria:
- 50% or more of the business organization’s annual revenue comes from the sale of consumer personal information.
- The annual gross revenue of the business exceeds $25 million.
- The business annually purchases, sells, or shares the data of 50,000 or more consumers, households, or devices.
Businesses that intentionally violate the privacy stipulations of the Act face a maximum fine of $7,500. For those that violate the law without intent, the maximum fine is reduced to $2,500.
On top of that, the CCPA gives injured consumers the right to bring lawsuits against businesses. If, for example, a consumer’s unredacted or unencrypted data is breached, the right to sue becomes exercisable, irrespective of the harm done to their data. However, damages are capped at between $100 and $750 for each event, although an injured consumer can receive damages in excess of $750 if the proven data breach is very severe.
In all, Californian businesses that trade or deal in consumer data need to exercise the necessary restraint and not run afoul of the law, so as not to fall victim to the CCPA’s regulatory compliance penalties. Of course, the urge to drive more profits may sometimes be irresistible, but organizations still need to flow with the tide of the CCPA.