CCPA – California Consumer Privacy Act that went into effect in January 2020
Originally, I wasn’t paying too much attention to the CCPA. I thought, I run a professional services firm located in the Pacific Northwest not all of my business in California and I don’t really work with consumers, this doesn’t really apply to our company. However, I attended a webinar recently put on by Workable. Upon closer look it doesn’t take a lot to hit some of the thresholds named by the Bill.
Thresholds: If you work with residents of California, if your business has $25 million in global revenue, if you deal with 50,000 pieces of personal information (right now it looks like that includes IP addresses so just over 138 or so daily hits on your website could bring you up to the threshold) Data brokers, if 50% of your revenue comes from selling data. Affiliation/similar branding with another company that hits the threshold.
There are differences between consumer data and business data collected. HR is required to collect a lot of data from our employees and applicants. We need to keep our fingers on the pulse. Some of the existing data protection laws have already led us to adapt our processes. This is just a bigger step. California may be leading the charge but other states aren’t far behind. Employee handbooks, our training programs for our employees as to their part in data security, our recruitment and on-boarding processes are all places where we need to be diligent. It might be a good time to look at those and make sure they are ready for the future trends regarding data collection.