FinTech Connect 2019: Key Takeaways
Somo's CSO Ross shares his thoughts on the future of financial services and how companies can create real product differentiation.Read more
As of January 1, 2020, the California Consumer Protection Act (CCPA), went into effect requiring businesses to take specific actions to ensure consumer rights for California residents and to better control the collection/selling of personal information. Consumers in California now have the power to manage the personal information businesses collect and the way the businesses utilize that information, a significant win regarding data privacy following years of security and data breaches.
1. Right to know: When collecting information from consumers, a business must notify consumers of what personal information is being collected and the purpose of this data collection.
2. Right to access: Consumers have the right to request a report from a business detailing the information they have collected on a consumer. More specifically, the report must include the following: specific pieces of personal information collected, the categories of personal information collected, commercial purpose for collecting or selling personal information, and the categories of third parties with whom the personal information is shared.
3. Right to opt-out: Consumers must be given the ability to forbid the sale of their personal information.
4. Right to deletion: Consumers must be given the ability to request that a business deletes any personal information they hold about the consumer. The business is also responsible for notifying any third parties they have shared the consumer’s personal information with, and requesting that information to be deleted.
5. Right to non-discrimination: A business may not discriminate against a consumer because they have exercised their rights under CCPA.
Through a series of conversations with legal and tech teams, we produced a set of requirements to implement across all websites and apps used by the client. A few items needed to be tackled to ensure that they were compliant across all of their digital platforms:
1. Allow visitors to the website the ability to enable/disable tracking cookies while browsing the website.
2. Allow visitors to opt-in to the sale of their personally identifiable information to car dealers and other third parties.
3. Allow visitors to submit “right to know” requests and “do not sell” requests.
CCPA went into effect on January 1, 2020. If a business is found to be non-compliant with the law, they have 30 days to comply once notified by regulators. If the business remains non-compliant after the 30 days, it could face fines of up to $2,500 per record for each violation and $7,500 per record for each intentional violation.
If your business needs help navigating CCPA and making sure your digital assets are compliant, reach out to Somo team – our experts are ready to help.