If you're tired of hearing about GDPR, just wait until you start dealing with CCPA.
The California Consumer Privacy Act is coming... and, marketers beware, it will change everything. If you collect consumer data in California, you need to prepare for a slew of new data management obligations. And, considering that one in eight Americans resides in the Golden State, it's highly likely the CCPA applies directly to your organization.
Think of it as GDPR for Americans (albeit with some important differences).
Effective January 2020, consumers in California will, for the first time, own the personal data that you collect about them. Although it is theoretically possible to apply CCPA only to California—one data standard for Californians, and one for everyone else—it would be extremely cumbersome and inefficient in practice. More realistically, many companies will find it easier and cheaper to simply apply their California data management policies across the board—for all US customers.
The new law also comes with teeth. To ensure compliance, companies face the prospect of both civil litigation and fines issued by the state attorney general that can potentially add up to millions of dollars in penalties.
All of that has serious implications for a wide range of companies—including technology, services, online media, and many others.
How to Know Whether the Law Applies to You
Although the law applies specifically to residents of California, and only when they happen to be within the boundaries of the state, an estimated half a million companies in the US will be affected, according to the International Association of Privacy Professionals.