CCPA takes a broader view of personal data
The California Consumer Privacy Act (CCPA) came into effect on 1 January 2020. It brings compliance obligations for most businesses that collect personal information about California residents.
The reach of the CCPA goes beyond California and the US; it may apply to businesses based in the UK depending on the level of interaction with California residents and their personal information. UK-based businesses should understand the CCPA exposure risk, since the compliance requirements differ in some material ways from GDPR and the UK DPA.
Who does it apply to?
The CCPA applies to for-profit legal entities (or sole proprietorships) that a) do business in the State of California; b) Collect personal information of California consumers or c) determine the purpose and means of processing California consumers' personal information;
and either; 1) have annual gross revenues in excess of $25 million; 2) buy, sell, receive, or share for commercial purposes the personal information of at least 50,000 California consumers, devices or households, on an annual basis; or 3) derive at least 50% of annual revenues from selling the personal information of California consumers.
As the CCPA applies to for-profit entities that "do business" in the State of California, the CCPA has extraterritorial reach. It can apply to businesses located outside of California, and outside of the US, that satisfy the criteria set out above.
Get in touch today
Finding this hard to understand? Then get in touch and let us help you secure your data to help comply with CCPA.
Time to find out more
As with any data security regulation there are specific requirements that businesses will have to meet. We don’t seek to cover all these here, only to give you the top line about regulations that can impact your contact centre services.
The CCPA aims to give the people of California the same protections as EU residents have under the General Data Protection Regulation. It's one of the most wide-reaching data protection laws in the United States and it's extremely important that you understand how to comply with it.
For more detailed information please consult The State of California Department of Justice.
Get in touch today
Finding this hard to understand? Then get in touch and let us help you secure your data to help comply with MiFID II and PCI DSS.
Card-not-Present (CNP) crime in contact centres continues to rise so it remains a top priority to significantly reduce the risk of fraud and the impact of a data breach. Download the eGuide to CNP crime in Contact Centres for advice on how to combat the threat.
PCI DSS Compliance Explained
For a jargon-free guide to PCI DSS compliance for contact centres download the eGuide for the answers in one place.