What is CCPA?
The California Consumers Privacy Act (CCPA) aims at protecting the rights of California residents for owning their personal information, knowing about what kinds of personal information have been collected, opting out from companies selling or sharing personal data to other parties, and holding businesses accountable for breaches in their customers’ personal information. In order to meet CCPA compliance regulations, companies must radically improve the transparency of customer data handling and allow customers to manage their data privacy as they see fit.
The CCPA was already passed by the California State Legislature and will come into effect on January 1, 2020.
Under the CCPA, California residents will be given more rights to protect their personal information. These rights include:
- Knowing what personal data is being collected and for what
- Saying no to the sale of their data without discrimination
- Deleting previously posted data
- Suing companies for data breaches
All digital commerce brands need to comply with payment regulations like eCommerce PCI compliance to guarantee the safety of transactions. The CCPA applies to any company collecting any consumers’ personal information for profit or financial benefit of its shareholders or other owners, any company doing business in the State of California, and any company satisfying one or more of the following thresholds:
- Has annual gross revenues in excess of $25,000,000; or
- Annually sells, alone or in combination, the personal information of 50,000 or more consumers or devices; or
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
How Will This Act Affect Others?
The CCPA will protect Californians and affect CAL based companies but it is expected that other states will adopt similar laws.
Is This the “Californian GDPR”?
No, it is not (even though there are many similarities). First of all, the CCPA focuses on protecting customer data from being sold to 3rd parties. Also, unlike the EU’s GDPR, the CCPA uses an “opt-out” approach instead of “opt-in”.
How Oro Products Ensure Compliance with CCPA
Oro products follow industry best practices in the protection of personal data stored inside the system. These practices have been set by GDPR and remain relevant for the CCPA as well.
The following features in Oro products ensure full compliance with the CCPA:
- Flexible and customizable data structure (easy to add a “do not sell me” flag)
- Personal data structure audit
- Personal data protection
If you are interested in learning more about personal data protection in Oro products and the CCPA compliance, please contact us and we’ll get back to you shortly.
You may also discover how OroCommerce addressed GDPR compliance for our EU customers in our Getting Ready for GDPR free guide.