consumer data Archives

What You Need to Know About CCPA

by Charlotte Otremba | Oct, 2019 | Culture, Native Advertising

It was only a matter of time before the U.S. passed its version of GDPR: The California Consumer Privacy Act, AKA CCPA (because the industry definitely needs another acronym), will go into effect January 2020. But how similar is California’s take on privacy and will current GDPR protections comply with CCPA?

Background:

Motivated by recent, large scale breaches of consumers’ information, including the March 2018 incident with data-mining firm Cambridge Analytica that exposed the misuse of tens of millions of people’s personal data, the CCPA’s purpose is to take greater safeguards to protect consumers’ privacy against misuse stemming from carelessness, shadiness, and outright theft and fraudulent activities. The bill grants California residents grants greater privacy and control over their data while demanding more transparency and communication from businesses.

What is it?

Essentially, businesses must now provide explicit information on how and to whom personal data is being used, as well as honor requests for more information by consumers. Businesses must also clearly state if they engage in selling their customer data. They might already have signed up for the services offered by companies such as Treasure Valley IT (https://tvit.net/computer-repair-support/), for instance. Therefore, in terms of security and cyber-attacks, they can rest easy and let their customers know of their business stats.

CCPA seem simple but the consumer data gathered from KYC can be sensitive if not handled with care. But technologies like blockchain can provide innovative approaches that put individuals in control of their personal data, and relieve businesses of some of the burdens associated with data management. If this capability to leverage blockchain advantages can be properly implemented then the long-standing compliance issues of KYC can be addressed better. This might further help companies accommodate CCPA.

Under CCPA, businesses are required to provide California residents with the right to:

Know what personal data is being collected about them.
Know whether their personal data is sold or disclosed and to whom.
Say no to the sale of personal data.
Access their personal data.
Request a business to delete any personal information about a consumer collected from that consumer.
Not be discriminated against for exercising their privacy rights.

As such, businesses are required to notify and request permission from customers before collecting data, state its purpose, use the data in a lawful manner, and comply with consumers’ requests for deletion. In case of a large-scale revamp of databases or server systems, a business would find it in its best interests to engage the services of a professional IT recycling firm to ensure that equipment is securely destroyed without the possibility of a data breach or leak.

As for the businesses that require to document their client data, they may have to ensure the data is secured and stored properly to reduce the chances of data theft. For instance, a law firm can save your personal and legal information on the cloud; however, they will have to keep your information safe and out of the wrong hands. For that, they can hire a company that provides services like law firm data security and management, documentation, and other managed IT support.

When does it go into effect?

January 1, 2020 (confusing as it is called “The California Consumer Privacy Act of 2018.”). It becomes enforceable on July 1, 2020.

Who does it apply to?

The CCPA applies to any for-profit businesses (not nonprofits or governmental entities) in the state of California that collect consumers’ personal data and meets at least one of the following criteria:

Has annual gross revenues in excess of $25 million
Handles data of more than 50,000 people or devices
Earns more than 50% of its annual revenue from selling consumers’ personal information.

Is it really California only?

California is an important state to set a privacy precedent. Not only does it hold the largest population in the United States (39.56 million in 2018), but it’s home to the hot bed incubator of tech powerhouses and cutting edge startups. Notable digital companies headquartered in California include Alphabet/Google, Apple, Facebook, and Oracle.

While the law only applies to customers that live in California, most companies will have to shift privacy policies to accommodate it. Other states will likely follow suit and use the CCPA as an example to set their own state-level privacy laws.

CCPA vs. GDPR

The good news is that CCPA and the European General Data Protection Regulation (GDPR) have many similarities, so companies that have adopted practices that comply with GDPR will be pretty well-prepared for CCPA. Both the CCPA and the GDPR adopt an expansive definition of personally identifiable information (PII) and value the customer’s right to choose and understand how their data is being used. There are some differences – overall, CCPA is more specific in their requirements, while GDPR is a bit broader.

PWC offers a great table comparing the two on main points, from scope to enforcement:

What about child data: CCPA vs. GDPR vs. COPPA?

The protection of child data is not new in the US: the Children’s Online Privacy Protection Act (COPPA) came into effect in 1998. (In Europe, child data was treated like every other piece of personal data until the GDPR set specific and stronger rules.) Now, the CCPA goes even further than COPPA in children’s data protection: While all consumers can opt-out of the sharing of their information, consumers under the age of 16 must opt-in. And if they’re under 13, their parents or guardians must opt-in (EdSurge, 2018).

What do consumers think?

67% of US online adults and 57% of European (EU-5) online adults are not comfortable with companies sharing and selling their data and online activities, according to Forrester research. And 51% of US online adults and 48% of EU-5 online adults report taking active measures to limit the collection of their data by apps and websites (“Tackle The California Consumer Privacy Act Now” Forrester Research, Inc., February 8, 2019).

55% of US privacy professionals plan to be CCPA-compliant prior to January 1, 2020. 25% plan to be ready for July 1, 2020, when the law becomes enforceable (International Association of Privacy Professionals (IAPP) and OneTrust via eMarketer).

Cookie	Duration	Description
_abck	1 year	This cookie is used to detect and defend when a client attempt to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
AWSELB	session	Associated with Amazon Web Services and created by Elastic Load Balancing, AWSELB cookie is used to manage sticky sessions across production servers.
bm_sz	4 hours	This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
SF_PHPSESSID	session	No description
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
AWSELBCORS	2 hours	This cookie is used by Elastic Load Balancing from Amazon Web Services to effectively balance load on the servers.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_W78HCZ6KJE	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
bt-es-13398	session	No description
bt-es-15162	session	No description
bt-es-15264	session	No description
bt-es-15547	session	No description
bt-es-15900	session	No description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_cc_cc	session	The cookie is set by crwdcntrl.net to collect statistical data such as the number of visits, average time spent on site, and what pages have been loaded, for targeted advertising.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
GLOBALID	3 months	No description available.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Recent Posts

Recent Comments

Archives

Categories

Meta