It has been almost a year since the General Data Protection Regulation (GDPR) came into effect. Soon after, data privacy and security became a top priority for businesses across the globe like never before. It served as an alarm, reminding companies that deal with customer data that it is high time their data handling was put in check to prevent any misuse.
Now that the GDPR storm has passed, another one is ready to give businesses a nightmare. Yes, we are talking about the CCPA, the buzzword that most of you might have come across, which is finally set to take effect, bringing more stringent data protection regulations. The California Consumer Privacy Act (CCPA), officially called AB-375, is a bill passed by the California State Legislature. The bill was signed into law on June 28, 2018, by the Governor of California, Jerry Brown. Ed Chau, a member of the California Assembly, and Robert Hertzberg, a state Senator, introduced the act as part of amending Part 4 of Division 3 of the California Civil Code. The bill with amendments to the CCPA was passed on September 13, 2018.
Just as the GDPR was meant to protect the personal data of European Union (EU) citizens, the CCPA is intended to protect consumers’ personal information by enhancing the privacy rights of the residents of California, United States, through stringent law and regulation. The act is going to be implemented from January 1, 2020, which is only a few months away. With the importance given to data privacy and security, AB-375 gives California residents the right to control their personal information used by companies. California consumers can even sue a company if it does not abide by the privacy guidelines stated in the CCPA, and the act also incorporates hefty non-compliance fines.
Amidst data breaches, misuse and data theft, CCPA aims to secure the data of the state’s residents. The implementation of the act will provide California residents with the following rights in relation to their data:
When it comes to determining what data counts as “personal information,” the AB-375 act takes a broad approach. The CCPA considers the following information about California residents to be “personal information”:
Individual identifiers including real name, email address, postal address, account name, Social Security number, IP address, passport number, driver’s license number, and other similar details.
Educational details, including all the information coming under personally identifiable information (PII) as stated in the Family Educational Rights and Privacy Act.
Commercial information such as purchase history, services or products availed, personal property, purchase tendencies, etc.
Information pertaining to internet or other electronic network use, including search or browsing history and data derived from a consumer’s interaction with an advertisement, website, or application.
Interpretations derived from a customer profile that projects consumer preferences, behavior, abilities, characteristics, psychological trends, attitudes, aptitudes, and predispositions.
Employment or profession related data.
Biometric information.
Geo-location information.
Electronic, thermal, visual, audio or similar data.
Characteristics as classified under California or federal law.
*Note: However, a recent amendment passed in April exempts employee information from the regulation.
The CCPA applies to for-profit companies or businesses that collect and process California consumers’ personally identifiable information and meet one or more of the following norms:
Although the CCPA is drafted as a “Consumer Privacy Act,” the law applies to business-to-business (B2B) companies as well. As long as businesses meet any of the above criteria listed by the act, the CCPA is applicable even though they may not deal directly with consumers. If the employees of the B2B company are California residents and/or the company has business contacts who meet the specific criteria mentioned earlier, then the company will have to abide by the CCPA.
Businesses should not be confused by the use of the term “consumer,” as its definition has a broader sense under the CCPA and refers to any individual who resides in California or is domiciled in California from an outside state for a temporary purpose.
At some point or other, every company may have collected, or may still be collecting, what the CCPA defines as personal information of California consumers. To stay compliant and avoid penalties, companies must cross-check what data they collect and must ensure that their data privacy and security are on point. Here is what they need to review and put in place before the CCPA comes into play:
The privacy requirements set by the CCPA make it compulsory for businesses to take a hard look at their processes and capabilities for governing consumers’ personal data and, if needed, to make changes.
The California Consumer Privacy Act does not apply to business associates or entities dealing with Protected Health Information (PHI) of California residents, as that already falls under the HIPAA regulations. Any personal information outside of PHI is otherwise subject to the provisions of the CCPA.
MedicoReach is always ready when it comes to any kind of compliance and regulation checks. We have always abided by the data privacy and security regulations specific to every region we have our customers in. Our compliance team pays special attention to changing laws and regulations across various economies that are related to our area of work. As a data provider, we never compromise on data privacy and ensure proper measures to prevent any kind of misuse or theft. We have competent and advanced security systems installed in our systems and our employees are trained to handle sensitive customer data with utmost priority.
Our healthcare database comprises data derived from various trusted and permissioned sources where no personal information is obtained, used or processed without the customer’s or user’s consent. So, while other providers may be in a state of panic with the implementation of CCPA, MedicoReach is well-prepared in advance and has already ensured that none of our practices violate the CCPA. Our clients need to worry as MedicoReach is CCPA-ready.
Here are the steps that we took to prepare for CCPA:
* For further details about CCPA compliance, do check California State Legislature’s official website for more accurate information.