CookiePro Blog February 26, 2020

CCPA is in Full Effect, Enforcement Delayed

The California Consumer Privacy Act (CCPA) was officially enacted on January 1, 2020. However, the act was amended to delay the Attorney General (AG) from enforcing penalties for violations. This was intended to allow companies to adjust their policies to comply with the new regulation. 

The AG, responsible for enforcing civil penalties on those who violate the act, has until July 1, 2020 before they can charge violators. On July 1, 2020, companies can officially be held liable for infractions to the CCPA by the AG of California.  

Under the CCPA, the AG has the authority to enforce civil violations of the CCPA. This can include use of personal data in a way that does not comply with the CCPA. The AG can mandate that the company comply by adjusting their policies to fit the CCPA, and they can also enforce a civil penalty up to $2,500 for each violation and up to $7,500 per “intentional violation.” 

Companies who meet one or more of the following criteria are required to comply with the CCPA: 

  • Makes more than $25M in annual revenue 
  • Collects information on 50,000+ individuals or devices 
  • Any business that makes more than 50% of its annual revenue from the sale of personal information 

The 30-day Courtesy Period 

The CCPA gives organizations the ability to correct violations within 30 days before the AG can officially enforce the penalty. The AG will give the violators 30 days to fix the violations and become compliant. If the AG chooses to give the company a 30-day cure period, the company will have 30 days to fix the violations and respond to the notice. 

The AG can also issue notices of noncompliance prior to the AG enforcement date. However, after July 1, 2020, the AG can officially charge violators per violation. The AG can also bring enforcement retroactively for violations between January 1, 2020 and July 1, 2020. They’re most likely to give leeway to businesses that can demonstrate their efforts to comply with the CCPA. 

Steps to CCPA Compliance 

Companies should make concerted efforts to comply with the CCPA as soon as possible. Before July 1, 2020, companies can still be held accountable for disregard of the CCPA when handling the personal data of users in California. Companies should take responsibility for providing users in California with information about how they’re obtaining user data, what data they’re collecting, and who they’re sharing the data with.  

CookiePro allows organizations to take the following steps to compliance with the CCPA: 

  1. Scan your website for cookies that could be collecting data and sharing it with third parties. 
  2. Customize a cookie banner and preference center to disclose information and policies to website visitors. You can also allow users to withdraw consent at any time. 
  3. Automate the intake and fulfillment of California consumers’ requests to access or delete their personal information.  
  4. Track “Do Not Sell” requests from users and respond within the 45 days required by the CCPA. 

Businesses will need to ensure their privacy practices are in place. CookiePro helps with compliance in an easy-to-implement solution. 

Onetrust All Rights Reserved