You might be surprised at how much data is flowing through your company. Accounting data, bank accounts, EDI accounts, names and addresses are all data. In the eyes of the State of California that data is now subject to the California Consumer Privacy Act (CCPA) and it poses some challenges companies doing business in California, but also companies who do business with constituents in California.
Let’s start with the baseline. CCPA only applies to companies that earn more than $25 million in gross revenue. The other hurdle is that it applies to companies who have data on more than 50,000 people or who earn more than 50 percent of their revenue from selling (or bartering or exchanging for advertising) consumer data. For every company that meets these criteria there are myriad paths to compliance. In fact, because the law is so new, there is some disagreement on who has to comply and how.
It is likely that if the law applies to you the management team has already been working since the law was passed to ensure that the basic compliance requirements are met. As you begin your Self Check-up for the start of 2020, consider these points:
For Printers:
For vendors: Most enterprise class vendors have legal teams that are watching data privacy legislation carefully and have been adding opt-in and opt-out options for data collection since the European data protection acts began to emerge. However, many Independent Software Vendors and consultancies may meet the revenue bar for compliance, so take the time to identify what data is being collected, how it is being stored, how it is being used, and if you should be adding options for your customers to limit the data you collect and use.
This year will bring a requirement for data vigilance. Even companies that fall below the financial hurdles and believe that they do not meet the requirements for compliance based on how they use data should be keeping an eye on what happens in California. Other states are watching, as are federal regulators.
