Common Misconceptions about the CCPA
This is the second article in a series of four that I put together on the California Consumer Privacy Act, otherwise known as the CCPA.
The first article discussed how to figure out if the CCPA applies to your business.
In this article, I'm going to walk you through some common misconceptions about the CCPA that you may have heard.
My goal is to help you understand the CCPA a little bit better in case it applies to your business.
The first misconception is that the CCPA applies to all customers or users no matter where they're located.
That's not the case. The CCPA and its requirements only apply to California residents. You could choose to apply CCPA requirements to all users everywhere, but you don't have to.
The second misconception is that Europe's General Data Protection Regulation, otherwise known as the GDPR, is the same as the CCPA, and if you comply with the GDPR, you're in compliance with the CCPA automatically.
That's not the case either. Although, the principals behind the GDPR and the CCPA are similar, the two laws go about compliance with various requirements differently so, if you've developed GDPR compliance processes, you've got to develop CCPA compliance processes too.
The third misconception is that the CCPA applies to all types of data regarding an individual person.
Whereas the CCPA applies to personal data regarding a natural person, it doesn't actually apply to personal data that's been de-identified. Data that has been de-identified has been stripped of identifiers from which you can tell who the person is. So, if you've de-identified your data set by stripping out certain identifiers, then the CCPA will not apply to that data set.
The last misconception is that the CCPA does not apply to personal information in the Business-to-Business context.
Whereas, it is true there is a one year exemption in the CCPA for B2B data until January 2021, this is limited to transactional data only. It's limited to data that you may have on customers who purchased a product or service from you. The limitation does not apply to personal information for people who have not purchased a product or service from you, such as leads or prospects. So that data is subject to the CCPA and it's subject to the CCPA now.
The CCPA went into effect on January 1st, 2020, and enforcement began on July 1st, 2020.
Don't miss the next video in my series, which will cover CCPA requirements and how to comply with them.