What you Should Know about the CCPA
1. Le calendrier réglementaire
2. Les Objectifs d'IDD
Ambitions de la directive IDD
Opportunités de la directive IDD
Objectifs de la directive IDD
4. La réalité du marché et nos convictions
The CCPA is designed to protect California residents’ personal information from the threats of unwanted disclosure, sharing, or sale. A key objective of the CCPA is to prevent situations like the recent event involving Cambridge Analytica gaining access to personal information of approximately 87 million Facebook users without their consent.
Even if the CCPA is California law, it impacts businesses, independent of where their operations are located, that collect, share or sell personal information of California residents. These individuals could be consumers as well as potentially employees or independent contractors. According to experts in a recent article published on Bloomberg BNA, the CCPA will apply to over 500,000 businesses servicing approximately 40 million California residents. This law is the first one of this kind in the US, but other states could follow this trajectory in the new few months and years.
Companies are investing heavily in Digital technologies and Big Data. The volume of personal information collected has been increasing significantly in the last few years and will continue in the upcoming years. Indeed, the collection of personal information has become a significant asset for companies as part of cost reduction, customer journey personalization and broad competitiveness.
Personal information is used by numerous departments and can be collected through various channels and technologies.
>> The protection of personal information is paramount and the rights granted to individuals reinforced.
New Consumers' rights
The CCPA will confer new rights upon Californian residents, which have to be notified by businesses to the consumers and addressed in policies. This is going to introduce new cross functional processes through business departments.
Business Requirements and Prohibitions
To help enforce these rights, the CCPA imposes requirements and prohibitions on businesses that collect or sell personal information:
Disclosure Requirements: Upon receipt of a verifiable consumer request, businesses will be required to disclose:
The categories and specific pieces of information that they collect about the consumer
The categories of sources from which that information is collected
The business purposes for collecting or selling the information; and
Categories and identify of third parties with which the information is shared.
Deletion Requirements: Upon receipt of a verifiable consumer request, businesses will be required to delete the personal information as long as it does not interfere with the legal obligations of the business.
Opt-out Requirements: Businesses will be required to grant a consumer’s verified request to opt-out from the sale of their personal information.
Opt-in Requirements: Business will be required to seek affirmative authorization for selling the personal information of consumers under 16 years of age.
Discrimination Prohibition: Businesses will be prohibited from discriminating against customers who exercise their personal information-related privacy rights. Businesses will have the ability to offer financial incentives for the collection of personal information.
What business need to do?
Businesses first need to assess the CCPA’s applicability to their operations. Use this link to go to the page "Are you impacted?.
Once the need to comply with some or all of CCPA sections is confirmed, businesses need to assess whether their existing data privacy and information security policies, procedures and practices are sufficient to meet the CCPA requirements.
Our experience working with clients to establish resilient and sustainable data privacy and information security capabilities that are compliant with regulatory expectations demonstrates that the effort can be organized across the following areas:
The success of the CCPA compliance project relies on an organization’s ability to mobilize its workforce and create a long-term solution based on a sound corporate culture and effective governance.