If your startup is a data or software company, this new law is something that will affect your business.
Even though Silicon Valley pushed hard against the law and continues to do so, it means that Americans across the board will enjoy a new set of privacy rights, while your company may have changes ahead.
In this article, we look at what startups should know about the California Consumer Privacy Act. First, let’s look at its definition.
The California Consumer Privacy Act (CCPA)
It is a landmark privacy law that literally flew through the California legislature.
Before this act, companies could do a wide range of things with consumer data. The only way they might get into trouble is if they got hacked or they did something inappropriate with the data.
Now, Americans are going to enjoy new protections. This means your customers can now ask you to disclose what data you are collecting by using a website or picking up the phone. Companies will have to put a “Do Not Sell My Personal Information” button on their website and delete the data if a consumer asks them to.
In addition, business won’t be able to refuse service or charge a higher price when consumers request their rights.
Basically, the CCPA allows consumers to force companies to tell them what personal information they are collecting, delete that data, and forbid them from sharing it with third parties.
As a business, you will have to tell consumers upfront what data you are collecting.
Is the CCPA Just in California?
In the most technical of terms, yes, it’s a state law that applies to all companies that do business in California.
But, if your start-up sells to Californians, you will have to comply as the privacy law covers out of state businesses who sell to people in California.
Does This Apply to Your Company?
The CCPA applies to large businesses or to companies that make the sale of data an integral part of their business. They include:
- Companies that have more than $25 million in gross revenue
- Businesses who have data on more than 50,000 consumers and engage in the buying, receiving, and sharing of that data
- Companies that make more than 50% of their revenue selling personal consumer data
Bottom line: if you have a website, and you get 137 unique visitors per day (around 50,000 per year), and you collect the visitor’s IP addresses, you fall under the CCPA.
If you don’t fit into one of these categories, you may be free from the law for the time being.
Are There Fines?
Yes, and they are quite hefty. In fact, they can be $2,500 per violation. The California legislature intends the punishments to be doled out on a per person basis, although the Attorney General can adjust the amounts downward.
What’s more, if the government finds the violations to be willful, the penalty rises up to $7,500 per violation. If a company intentionally sells the data of 50,000 or more consumers and doesn’t disclose it, they can face fines up to $375 million.
Consumers can even sue businesses when there is a data breach for an amount between $100 and $ 750 per incident. Ultimately this could cost a large business billions of dollars.
For many consumers, there will be an increase in the transparency of data collection. For businesses, it means you’ve got a lot of work to do behind the scenes to set everything up according to the law.
This may affect startups and businesses in many tangible ways. For example, if a business asks for an email address to hand over a white paper, that may now fall under this new California law.
The law may even spread beyond the borders of California and change much of how the tech industry does business.
If you are affected, start working on your compliance initiatives now before the law takes effect in January.
Are you a new startup ready to succeed? Are you looking to get your new business off the ground and watch it rise to success? We are here for you. We can help answer your questions and guide you through the process. Outsource your HR duties, finances, payroll and more to us. Contact Escalon today to get started.