GDPR Checklist - California’s GDPR - California Consumer Privacy Act (CCPA)

May 13, 2020

The CCPA becomes effective on 1 January 2020. It is a state-level bill that seeks to protect consumers and further their privacy rights. A consumer within the statute is defined as a natural person who is a resident of California.

The CCPA applies to any business that collects the personal information of Californian residents, where personal information is defined as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or (unlike GDPR) household.
Small businesses are exempt from the regulation. The CCPA applies only to businesses that meet one or more of three criteria: having a gross annual turnover of over $25 million; buying, receiving, selling or sharing, through its business activities, the personal information of 50,000 or more consumers (households or devices) annually; or generating 50% or more of its annual revenue from selling consumer personal data.

Although the CCPA is sometimes referred to as ‘California’s GDPR’, there are some significant differences in how data types and data subjects’ rights are defined. Important differences include that definitions tend to be broader under the CCPA and that the CCPA covers more types of data (for instance, the CCPA includes inferences made by a business about a data subject). Some of the rights given under it are more expansive than under GDPR, yet others are more restrictive. These distinctions mean that policies and programs that have helped your business become compliant with GDPR will need some reworking to be compatible with the requirements of the CCPA.

Under the CCPA, the 5 consumer rights consist of:
the right to access personal information - categories and specific pieces of personal information;
the right to have personal information deleted;
the right of disclosure: what categories are collected, from what sources, the given business purpose, how data is shared with third parties and specifically what has been shared or sold;
the right to opt out and opt in, which involves asking the business not to sell data to third parties without the individual’s consent;
the right to non-discrimination (against a consumer who chooses to exercise their consumer rights, in terms of the level of quality of goods or services offered, although financial incentives are permissible). This right will probably lead to the most difficulties. It is currently regarded as too ambiguous, and it will only become apparent how it will work in practice as the Attorney General of California irons out the legislation and fleshes out the rules in the coming years.

With regard to the opt-in/opt-out right, the CCPA makes it mandatory that a business’s Website Notice offers a link (clearly shown on the website) that states “Do not sell my personal information”. As with GDPR, a data mapping exercise, staff training, proper privacy notices showing how data subjects can access the information, and internal procedures and policies that govern all actions, including authentication of the data subject, are all crucial first steps in beginning to manage the new rules of data collection.
