Many companies are still reeling from the effects of the GDPR, or the General Data Protection Regulation, even those that outside of the EU such as companies in the US. A year after the implementation of what is said to be the most important privacy law globally, companies again have to face another challenge as the passing of the CCPA or the California Consumer Privacy Act in 2020.
A large number of companies scrambled to try and comply with GDPR, but many still failed, and these have already translated to multimillion-dollar fines and billion-dollar lawsuits. To keep this debacle from occurring when complying to the CCPA’s requirements, compliance officers must be equipped with the right knowledge on the California Consumer Privacy Act.
What is CCPA?
The California Consumer Privacy Act is currently the most comprehensive privacy law in the United States of America that will go into effect on January 1, 2020. The CCPA is meant to give Californians more control over their information by giving them the right to know about the data a business has collected about them. California residents would also have the power to keep said businesses from selling their information.
Under the CCPA, Californians would be afforded several rights that would allow them to control their personal information.
The Right to Notice would result in Californians receiving a flurry of notifications regarding what categories of their personal information would be collected, and the purpose of these would be. Should companies need to obtain more information on their consumers, they will first have to inform them before doing the collection.
The Right to Access information would allow people to know what information was collected from them, from whom they received it and to who they shared and sold it, and why it was collected in the first place.
The Right to Deletion gives Californians the power to have their personal information collected by a company to be deleted.
The Right to Opt-out lets Californians prevent the sale of their personal information to any third parties.
The Right to Equal Services and prices would keep businesses from denying their consumers goods and services, charging goods or services for a different price or rate, providing products or services of a different quality, or suggesting that they’ll resort to such things when a customer would exercise any of their CCPA rights. This right does not place any restrictions on the company’s part in collecting information and can only be applied when a consumer decides to use specific CCPA rights.
Scope of Obligation
Compared to the GDPR, which focuses on Europeans as data subjects, the CCPA prioritizes “consumers” defined as natural persons and California residents.
The California Consumer Privacy Act affects the following for-profit organizations:
- Organizations with annual gross revenues of over $25 million
- Organizations that buy, sell, or share data from more than 50,000 consumers, households, or devices
- Organizations that derive 50% or more of their annual revenue from selling the private information of consumers
Collected Information Covered by the CCPA
The CCPA covers personal information or “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household” while excluding any medical information. Protected Health Information or PHI and other medical information are kept under the coverage of the Health Insurance Portability and Accountability Act or HIPAA’s regulations to prevent any conflict between both laws.
Other information excluded from the CCPA’s scope is personal information from the Gramm-Leach-Bliley Act and the Driver’s Privacy Protection Act.
Data Processing and Storage Standards
The CCPA states that when a business responds to an access request electronically, it should provide the requested information in both a portable and readily useable format that allows the consumer to send the information to another entity without interference. The business will have to take immediate steps to disclose and deliver the information to the consumer.
A company can provide the requested information anytime but is not required to provide personal information twice a year to one consumer.
Consumers can request any personal data, including captured mobile SMS and recorded voice calls.
Enforcement Fines and Penalties
If an organization remains unready to comply with CCPA regulations, then a company could suffer damages amounting to $750 per consumer to $7,500 per incident imposed by the attorney general.
Should companies ever violate CCPA’s regulations, then they have a thirty-day cure period to take steps to resolve the violation. If organizations fail to address the violation within the cure period then such could serve as evidence that the company intended to violate the regulation.
Since the California Consumer Privacy Act will go into effect on January 1, 2020 (with enforcement beginning July 1), many companies can have trouble complying with CCPA’s regulatory requirements, just like how many businesses failed to comply with GDPR’s requirements. To minimize the organization’s risk to hefty fines and penalties from non-compliance with CCPA regulations, the company would need an enterprise mobile messaging solution that can capture and monitor SMS, record voice calls, archive WhatsApp chats, and other mobile conversations in real-time.
The TeleMessage Mobile Archiver effectively addresses compliance, regulatory, eDiscovery response requirements and reduces risk across the government, financial, and healthcare sector. TeleMessage captures and records mobile content, including SMS, MMS, voice calls, social media, and WhatsApp Chats from corporate or BYOD mobile phones. Messages are securely and reliably retained within TeleMessage servers or forwarded to an archiving data storage vendor of your choice.
Our mobile archiving products securely capture content from mobile carriers and mobile devices for a variety of ownership models (BYOD, CYOD, and employer-issued). With our multiple archiving methods, you can always find the right tools or blend for your text message archiving and voice call recording requirements:
TeleMessage offers cross-carrier and international mobile text and calls archiving for Corporate and BYOD phones. Visit our website today at www.telemessage.com to learn more about how we can help your organization stay compliant with the privacy implications of different text archiving and call recording regulations.