The California Consumer Privacy Act (“CCPA”) is a comprehensive framework to protect California residents (consumers). Effective January 1, 2020, data protection became a California requirement for businesses. All businesses that meet certain criteria are required by law to protect consumer data or face fines or penalties beginning July 1, 2020. As of this writing, enforcement of the CCPA will not be delayed, even as companies face COVID-19 and telecommuting challenges. The final proposed regulations package was submitted on June 1, 2020, to the California Office of Administrative Law, outlining enforcement and assessing penalties for noncompliance.
Covered businesses that must meet security compliance or fulfill consumer privacy requests for removing or not sharing data under CCPA should first determine whether they hold personal information of California residents. Most manufacturing companies immediately dismiss this because they sell to a distributor and generally not directly to the consumer. However, with advances in technology, manufacturing companies may inadvertently hold personal data. Examples of such personal data include (1) warranties that identify the person who holds the product, (2) payment card industry data (PCI), (3) personal health information maintained in medical devices, (4) information collected from various Internet of Things (IoT) devices, or (5) automotive products that transmit data back to the manufacturer.
Businesses that meet one of the following criteria will be subject to CCPA:
- Has gross annual revenue in excess of $25 million;
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices;
- Derives 50% or more of annual revenue from selling or sharing consumers’ personal information.
Beginning July 1, 2020, the State of California Department of Justice will assess violations for noncompliance with the CCPA, applied retroactively to January 1, 2020: $7,500 per intentional violation, $2,500 per unintentional violation, and up to $750 per consumer incident for data breaches. Violations will result in significant consequences. Businesses are held accountable for any breach of consumer privacy rights, and the penalties are higher when the violation affects children. In addition to monetary penalties, businesses that fail to protect consumer personal information could suffer brand damage.
The assessment, development, and implementation of processes to comply with the CCPA can be a daunting task. So, where do companies begin? KROST’s cybersecurity experts have developed a dedicated CCPA framework and cybersecurity risk assessment to take out the guesswork. This process helps the business meet the standard that it has implemented good faith efforts to comply with CCPA. Additionally, it includes a thorough review of privacy policies and internal controls to ensure compliance, complete with a checklist of requirements that need to be addressed as soon as possible to mitigate fees and penalties from violations. Have questions about CCPA? We’re here to help. Contact us today.
This has been prepared for information purposes and general guidance only and does not constitute legal or professional advice. Neither KROST nor its personnel provide legal advice to third parties. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is made as to the accuracy or completeness of the information contained in this publication, and KROST, its members, employees, and agents accept no liability, and disclaim all responsibility, for the consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it.
KROST Quarterly is a digital publication that highlights some of the hot topics in the accounting and finance industry. Volume 3, Issue 2 highlights some of the hot topics in manufacturing, including accounting for PPP, transfer pricing, Foreign-Derived Intangible Income (FDII), R&D tax credits, and more.