Is your company okay? California's Shinshu Law CCPA

by Subin Chan

Do you know the California state law called CCPA? Companies that are enabled in January 2020 and collect and manage consumer information living in California are the state laws that have business bases in any country. If the target company violated CCPA in July 2020, it is said that a huge fines will be imposed, and our clients can also be eligible, so we will investigate and summarize the contents of the state law and the target companies. I did it.

What is CCPA?

CCPA (California Consumer Privacy Act) Translated into Japanese, it is called "California Consumer Privacy Law". In short, it is a state law that has further enhanced the privacy protection of consumers living in California. This gave consumers living in California to control their personal information. The contents that consumers can control are as follows
  • Consumers can ask companies how their personal information is being handled and used. (As a result, the company must provide the information required by consumers within 45 days.)
  • Consumers can refuse to provide or buy and sell their personal information to third parties (As a result, companies cannot provide or buy and sell personal information to third parties unless they have permission from the consumers who have refused.)
  • Consumers can request companies to delete their personal information (Companies have to meet the requests for the deletion of personal information that consumers want.)
  • Consumers can receive the same services as before, even if they use the above three rights to companies. (Even if consumers use the rights such as personal information requests, refusal to trading personal information, or applying for personal information deletion, companies must provide services as before.)
Consumers can also exercise their rights to companies that hold personal information regardless of the product or service of the company. Based on the above, companies have to respond to consumer demands at all times. In fact, major companies such as Google and Facebook seem to have initially opposed this state law. However, the law has been realized by the strong demands of the residents.

Companies subject to CCPA

As mentioned at the beginning, companies that collect and manage personal information of consumers living in California can be eligible for any business bases. However, companies that meet any of the following are required to be fined if they violate the state law.
  • Companies that have more than $ 25 MILLION per year
  • Companies that handle more than 50,000 (California) personal information per year
  • 50%of the total sales as a whole company is due to buying and selling personal information (living in California)
If the parent company or subsidiary satisfies any of the above, the subsidiary and the parent company will need to manage personal information according to the state law. Also, even if only consumer email addresses are retained in e -mail magazines, you may be able to track with the IP address and identify the address, so this area will also need to be confirmed with the management department.

What the target company actually needs to do

In the privacy policy of companies collecting personal information from consumers, it is required to update every year, including the purpose, purpose of use of personal information, third parties that share information, and information trading methods. rice field. In addition, when consumers use the CCPA rights, they must make sure that they must respond after confirming their identity. And disclose information within 45 days to consumers who use the rights. Companies that violate this will be notified of corrections, and if they are not corrected within 30 days, one consumer will be one violation, and up to $ 2,500 in violation will be imposed. * Detailed amounts will fluctuate in the future. If you do not review the collection and management method in the company once, the consumer who uses the right to contact us in January 2020 will not end up. It may be possible. And it's better to keep in mind that there are some malicious consumers ...

bonus

What did you think. We investigated to confirm whether the client, who is doing business together, is under the province, but it is not a safe content just because there is no base in the United States. It has become easier for consumers to manage their personal information, but the company cannot turn away because of the laws that may be fined enough for the company's management. GDPR, which was legally legislated in Europe, further strengthened how to handle personal information before this CCPA. CCPA and GDPR are the same for strengthening personal information protection, but the content and obligations are different, so I would like to write an article when there is time.
Go Ride produces and operates EC sites. Please feel free to contact us. For inquiriesHere
この著者の記事一覧

One -stop offered from EC construction to advertising operation.

WHITEPAPER DOWNLOAD inquiry