Florida Businesses and the California Consumer Privacy Act (CCPA)
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) is the most substantial law of its kind and is guaranteed to force radical changes in how businesses handle personal information. The CCPA will impact over 50,000 businesses nationwide. This includes start-ups and smaller e-commerce businesses in addition to major corporations. While the law specifically concerns the personal data of California residents, our globalized economy means that there’s a good chance that your Florida business has collected information from Californians if it has an online presence or makes use of mobile applications. Other states are considering similar privacy legislation as well. Because the CCPA is in its infancy, you can expect some changes to the law as the finer points are hammered out. Until then, here’s what your Florida business needs to know about the CCPA.
What Businesses Does The CCPA Apply To?
The CCPA applies to any business or for-profit entity, including LLCs, corporations, sole proprietorships, and partnerships, that fall into one of the following categories:
- Businesses that collect personal information, either directly or through a third party, and decide how the data will be used and processed (again, either directly or through a third party).
- Businesses that operate in California and either:
- have gross yearly revenue of $25 million or more (adjusted for inflation);
- buy, receive, share, or sell the personal information of more than 50,000 consumers, households, or devices (either alone or in combination) each year; or
- make at least half of their annual revenue from selling consumers’ personal information.
Certain businesses and transactions are exempt from the CCPA, such as those that:
- Collect or sell personal information if it is done entirely outside of California.
- Make a single transaction and do not hold on to any collected personal information.
- Sell personal information as a part of a merger or acquisition.
- Must do so in the process of complying with other laws, defending legal claims, or cooperating with law enforcement.
- Operate in an industry that already has sector-specific privacy or data protection laws in place.
What Personal Information is Does the CCPA Cover?
The scope of information covered by the CCPA is extensive. Basically, if it can be considered personal information in any way, then it’s protected by the CCPA. This includes all the traditional items, such as email addresses, credit card information, and browsing histories, just to name a few. However, the law also expands personal information to include biometrics like fingerprints and “olfactory information,” as well as geolocation data, psychological profiles, and consumer preferences.
What Rights Do California Residents Have Under the CCPA?
California residents have a number of new rights relating to their privacy and personal information under the CCPA that Florida business owners should familiarize themselves with. These new rights include the ability to sue for damages related to data breaches and other violations. They can also opt-out of the sale of their personal information and compel companies to produce a year’s worth of their accumulated personal data (as well as any organizations that have had access to that information) and to delete any of it if they so desire. Companies can incentivize individuals in exchange for their data. However, they cannot penalize or otherwise provide restrictions for those who opt-out. Additionally, companies must disclose whenever they are collecting personal data — even if it’s an employer collecting information on their employees, should those employees be California residents.
What are the CCPA’s New Rules for Minors?
The CCPA also has special rules to protect the privacy of minors. First of all, the law raises the age gate for consenting to data collection from 13 to 16. This means that businesses must get permission before they can gather information on anyone under the age of 16. For children under the age of 13, that permission must come from a parent or legal guardian. The burden of responsibility on businesses is further increased under the CCPA, as they are also required to obtain “actual knowledge” and verification of their minor users’ age.
What Next Steps Should My Business Take?
If your Florida-based company or start-up made any updates to stay in line with the EU’s most recent privacy laws, the General Data Protection Regulation or GDPR, then it’s probably most of the way to reaching compliance under the CCPA. Still, you’ll want to take some additional steps. You’ll want to audit your company’s data so that you have a firm understanding of what kind of personal information you have on hand, and then implement a privacy policy as well as a data governance plan for managing the data, preventing breaches, and meeting the CCPA’s other requirements. Carefully review all of your business’s data collection methods, such as mobile applications, so that you don’t miss anything. After all, the avenues for personal data collection in 2020 are nothing if not extensive.
What are the Penalties for Noncompliance?
Florida businesses that fail to remedy California Consumer Privacy Act violations within 30 days of notification could face civil penalties ranging from $2,500.00 to $7,500.00 per incident depending on whether the infraction was intentional or not. Companies tend to collect a lot of data, so those numbers can add up fast. Major firms like Google might be able to absorb these fines as a cost of doing business. However, fines on this level can absolutely sink most companies. Fortunately, we’re in the six month grace period that ends this June, so don’t panic just yet. There’s still time to contact a local business attorney for help with CCPA compliance. It’s imperative for anyone doing businesses in California or with California residents.
Is your Florida business looking for assistance with the CCPA or other complicated legal issues? Then there are few allies as helpful as a business attorney. Contact us today by calling (727) 279-5037 or by visiting our Consultation Page.