Is your consumer data safe? The landscape of data privacy is constantly evolving, and the pendulum is swinging to the rights of the individual, most notably by way of the California Consumer Privacy Act (CCPA). The CCPA enhances privacy rights and consumer protection by granting consumers more control over how businesses use their personal information.

The initial CCPA bill was passed in 2018 and the law entered into full effect in January of 2020. The law, as it stands right now, gives the consumer:

• The right to know about the personal information a business collects about them and how it is used and shared
• The right to delete personal information collected from them
• The right to opt-out of the sale of their personal information
• The right to non-discrimination for exercising their CCPA rights

Is your organization prepared to safeguard your 1st party data by fully complying with CCPA? California allows a 30-day cure period to correct an infringement. If a business fails to do so, it could face serious penalties and thousands or even millions in charges. CCPA states that the maximum civil penalty is $2,500 for every unintentional violation and $7,500 for every intentional violation of the law.

Sephora, one of the most popular personal care and beauty retailers in the world, is currently facing the first CCPA enforcement for violating California law and is settling with $1.2 million in penalties.

Sephora allegedly shared data with other companies via cookies on its website to enable a personalized shopping experience through tailored ads. The retailer is facing charges for the failure to inform customers about the sale of their data and failure to process sale opt-outs. Under CCPA, even if no money is exchanged, “data sales” is illegal, and any kind of commercial benefit from data sharing will be reprimanded (Duball).

Virginia, Maine, and Nevada have followed suit with variations of “Do Not Sell” laws, which allow consumers the right to opt-out of the sale of personal information. Consumers may file a complaint with the Office of the California Attorney General if they are experiencing a breach of privacy.

California Attorney General Robert Bonta stated, “I hope today’s settlement sends a strong message to businesses that are still failing to comply with California’s consumer privacy law. My office is watching, and we will hold you accountable. It’s been more than two years since the CCPA went into effect, and businesses’ right to avoid liability by curing their CCPA violations after they are caught is expiring. There are no more excuses. Follow the law, do right by consumers,” (Nash).

Companies need to pay more attention to how they are handling their data privacy initiatives. The following are critical questions your organization needs to ask to protect your 1st party data:

• How is your business abiding by data privacy laws?
• Do you collect data about your customers?
• Are your customers aware of this collection?
• Do you give customers an option to download or delete data your business may have on them?
• Do you have a certain process or practice of managing all data?
• Are you prepared if states like California come knocking?

Implementing a solid data privacy management system enables your business to avoid troubles and litigations, but also, shows your customers that you are careful and can be trusted with their data.  

At Infinitive, we understand the critical importance of keeping your 1st party data safe. Infinitive’s data privacy and security experts have built out a customer intelligence solution allowing individuals to request and/or delete sensitive personal information while allowing consumers to opt-out of all online data sales. This has benefited Fortune 500 companies, saving millions in potential fines. For more information, start a conversation with our industry-leading data privacy experts who are prepared to build reputable processes in the pursuit of compliance.