The California Consumer Privacy Act (CCPA) has introduced a new host of requirements for companies doing business in the Golden State, even if they’re not based in California. The privacy act is intended to give California residents more control over how companies collect and use their personally identifiable information (PII) by granting them rights to view and control the PII that companies collect about them, similar to the goal of GDPR in the E.U. Companies subject to the CCPA must comply with the data privacy law by creating mechanisms that allow California residents to exercise those rights.
Under the CCPA, California consumers may request to:
Risks from regulatory non-compliance and litigation can be severe. The CCPA allows the state to seek civil monetary penalties for each infraction, and consumers can file their own civil litigation seeking damages arising from personal information breaches. Compliance requires organizations to have effective risk management practices.
Unfortunately, there is still a lot of uncertainty around how to systematize and comply with the CCPA in a way that aligns with the organization’s other compliance efforts.
Get My Data Subject Rights Hotline Now
Thank you for subscribing! Please be sure that @navexglobal.com is on your company's safe sender list to ensure our emails reach your inbox!