Note: this article does not constitute legal advice. For information on how the CCPA affects you specifically, consult your legal counsel.
The California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020, is a data protection law designed to enhance privacy rights and give California residents more control over their personal data. This includes rights relating to the access, deletion, and sharing of personal data collected by a business.
The CCPA applies to any business operating in California that collects personal data from its clients and meets at least one of the following qualifications:
Has annual gross revenues of over $25 million
Collects data from over 50,000 individuals annually
Earns more than half of its annual revenue from selling personal information
These businesses are referred to as data controllers and are responsible for ensuring compliance with the CCPA. Data controllers should be aware of the following aspects of the CCPA:
Personal data
The definition of personal data includes any data that identifies, relates to, describes, associates with, or links to a particular individual. This includes names, home addresses, email addresses, IP addresses, and other identifiers such as account names, driver’s licenses, and social security numbers.
Data protection rights
Under the CCPA, California residents have the right to:
Know what personal data is being collected from them.
Know whether their personal data is sold or shared and to whom.
Refuse the sale of their personal data.
Access their personal data.
Request a business to delete any personal data about an individual collected from that individual.
Exercise their privacy rights without discrimination.
Breach notifications
Under certain circumstances, data controllers are obligated to inform both the supervisory authority in their country and their customers of any data breaches. If you are a data controller, you must have established processes for handling data requests and breaches and make sure you and your staff members are aware of the implications the CCPA has for your specific business. You should also review your Privacy Policy to ensure it meets the standards set by the CCPA. You can use the online waiver feature in WellnessLiving to set and update your Privacy Policy.
CCPA and WellnessLiving
You are responsible for ensuring your business is in compliance with CCPA requirements. Requirements for compliance include giving your clients the option to exercise their rights related to their data. As a data processor, WellnessLiving will support you in complying with the CCPA when appropriate. When a client requests the removal of personal data, it is your responsibility to approve or deny any erasure request and forward approved requests to [email protected].