The Impact of CCPA on the Technology Sector
In 2018, California enacted the California Consumer Privacy Act (CCPA), a regulation designed to help protect personal data. The act, which goes into effect on Jan. 1, 2020, will require that businesses:
- Disclose what personal information is collected and whether (and to whom) it is sold
- Stop the sale of data
- Provide collected personal data when requested by consumers
- Erase personal data on request
This act will significantly affect the technology sector as it places restrictions on how organizations use, collect, and share third-party data. As more consumer data is digitized and shared across various platforms, technology companies will need to develop new processes for mapping data so they can:
- Track how data is collected and shared
- Respond to customer requests regarding data
- Revise the technical capabilities of information systems to handle those requirements
For many technology companies, compliance with CCPA may be an onerous and complex initiative, but one that can also strengthen trust and loyalty among consumers. To minimize costs associated with CCPA compliance and safeguard against cyberthreats and potential penalties, companies will need to take proactive steps in developing a data privacy program that can help implement the technology, processes, and people necessary to comply with this new regulation.
CCPA applies to any business that collects the data and personal information of California residents and meets one of the following conditions:
- Has $25 million or more in annual gross revenue
- Alone or in combination, annually buys, receives for the business’s commercial purposes, sells or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices
- Derives 50% or more of annual revenue from selling consumers’ personal information
- Takes effect on Jan. 1, 2020
- Applies to most companies with California-based assets or customers
- Significantly expands the definition of “personal information” to cover almost any consumer-related data that a company collects or maintains
- Requires consent to sell the personal information of children aged 13 – 16
- Will be enforced by the California attorney general with civil penalties up to $2,500 per violation after a 30-day cure period or up to $7,500 for each intentional violation
Disclosure
Upon request, businesses must disclose the data that they collect, the purpose for collecting the data, and the categories of third parties that share the data.
Consumer access and data portability
Upon request, businesses must take steps to disclose and deliver to consumers their personal information, free of charge, in a portable and “to the extent technically feasible” format that allows the consumer to easily transmit their personal information to another entity.
Opt-out rights
Consumers have the right to ask businesses to stop selling their personal information, and businesses are prohibited from discriminating against the consumer for exercising this right.
Deletion
Consumers have the right to ask businesses to delete their personal information upon receipt of a verified request.
Related Services
-
InsightTraps and trends of the Qualified Small Business StockShaune ScutellaroThe pitfalls around chasing the benefits of Qualified Small Business Stock are increasing each time the IRS or Congress has it in their sight. It’s important to understand what may be on the horizon. Learn more.
-
Press ReleaseSchultz named to San Diego Business Journal’s Women of InfluenceSan Diego Business Journal’s Women of Influence in 2023 Accounting & Finance list includes CohnReznick Assurance Partner Kayla Schultz.
-
InsightNavigating the state tax landscape: Three areas growing tech companies should focus onShaune ScutellaroAs technology companies grow they not only have to navigate seed rounds, angel investors, public offerings, and more. They also have to navigate state tax laws. Learn more
-
InsightReady to go global? Ask yourself these tax questions first.With U.S. technology companies inevitably moving to expand internationally, it’s critical to know the tax implications. Learn more.
-
InsightWhat fintech companies need to know about the convergence of cybersecurity and data privacyAlex Castelli, Bhavesh Vadhani, Deborah Nitka and Asael MeirWith more laws and regulations being introduced, poor cybersecurity and privacy practices are not acceptable. We detail what fintech companies need to know. Learn more.