What is CCPA?
The California Consumer Privacy Act (CCPA) is a bill that enhances privacy rights and consumer protection for residents of California. The CCPA is the precursor to “America’s GDPR.” Much like GDPR, CCPA will require organizations to focus on user data and provide transparency on how that data is being collected, shared, and/or used.
Businesses that fail to comply with the CCPA are subject to civil penalties of up to $2,500 per violation and $7,500 per intentional violation. Once notified of a violation by the attorney general, companies have 30 days to come into compliance in order to avoid penalties.
Where and when does CCPA go into effect?
The CCPA took effect immediately upon Governor Brown signing the law. However, the requirements will not go into effect until Jan. 1, 2020. Under the California Consumer Privacy Act, only businesses that earn $50,000,000 in revenue per year, sell 100,000 consumer records each year, or derive 50% of their annual revenue by selling consumers’ personal information must comply. All businesses must comply if they collect or sell Californians’ personal information, whether they are located in California, a different state, or even a different country.
Privacy notices, policies and procedures, and websites will need to be updated before the CCPA takes effect. To prepare, businesses should start reviewing the personal information collected and the locations where personal information is stored.
Why is CCPA important?
The CCPA is intended to give California residents the right to know what personal data is being collected about them, to know whether their personal data is sold or disclosed and to whom, to say no to the sale of personal data, to access their personal data, and to receive equal service and price, even if they exercise their privacy rights.
As a third-party data processor, Logicbroker is a platform that stores and processes personally identifiable information (PII) on behalf of a controller. A controller is defined by the GDPR as an entity that determines how that data will be processed and for what reason.
With major platform enhancements already enacted this year, Logicbroker has maintained CCPA compliance and is already equipped to redact PII if need be. It’s important that you audit your third-party relationships and any platform that touches PII. If your third-party processors are not in compliance, your organization is in direct violation.
What is ‘personal information’ under the CCPA?
Similar to the GDPR, the CCPA includes a broad definition of “personal information.” “Personal information” is defined under the CCPA as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. The addition of the term “household” adds a dimension to a privacy law that is largely uncharted territory. This means that information collected by a business does not have to be associated with a name or specific individual, but rather can identify a household.
The definition of “personal information” under the CCPA also lists a wide range of standard examples that includes Social Security numbers, driver’s license numbers and purchase histories, but also “unique personal identifiers” such as device identifiers and other online tracking technologies.
The CCPA does exclude information that is publicly available, or information that is lawfully made available from federal, state, or local government records, if any conditions associated with such information. This exclusion does not extend to biometric information collected without the consumer’s knowledge, or to personal information used for a purpose different from the one for which the information is maintained and made available in the government records or otherwise publicly maintained.
One of the most important factors for Logicbroker customers is that, as a third-party organization connected to a client’s systems and brokering PII, Logicbroker needs to be able to “purge” an individual customer record (and all associated info) on demand. This action deletes all PII for the given customer and can be executed via the Logicbroker web portal once the applicable customer’s order transaction is in a completed status.
Please contact your dedicated Logicbroker representative for more information or refer to our Operational Controls. Logicbroker has partnered with Microsoft Azure for application hosting, and offers encrypted communications. Built-in SSL and TLS cryptography enables clients to encrypt communications within and between deployments, from Azure to clients’ on-premises data centers, and from Azure to administrators and users. Transparent data encryption (TDE) helps protect the Azure SQL Database and Data Warehouse against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest.