Please note that the following article does not constitute legal advice. For information on how the CCPA affects you specifically, consult your legal counsel.
The California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020, is a data protection law designed to enhance privacy rights and give California residents more control over their personal data. This includes rights relating to the access, deletion, and sharing of personal data collected by a business.
The CCPA applies to any business operating in California that collects personal data from its clients and meets at least one of the following qualifications:
- Has annual gross revenues of over $25 million
- Collects data from over 50,000 individuals annually
- Earns more than half of its annual revenue from selling personal information
These businesses are referred to as data controllers and are responsible for ensuring compliance with the CCPA.
If you are a data controller, you should be aware of the following aspects of the CCPA:
The definition of personal data includes any data that identifies, relates to, describes, associates with, or links to a particular individual. This includes names, home addresses, email addresses, IP addresses, and other identifiers such as account names, driver’s licenses, and social security numbers.
Data protection rights
Under the CCPA, California residents have the right to:
- Know what personal data is being collected from them.
- Know whether their personal data is sold or shared and to whom.
- Refuse the sale of their personal data.
- Access their personal data.
- Request a business to delete any personal data about an individual collected from that individual.
- Exercise their privacy rights without discrimination.
CCPA and WellnessLiving
You are responsible for ensuring your business is in compliance with CCPA requirements. Requirements for compliance include giving your clients the option to exercise their rights related to their data. As a data processor, WellnessLiving will support you in complying with the CCPA when appropriate. When a client requests the removal of personal data, it is your responsibility to approve or deny any erasure request and forward approved requests to firstname.lastname@example.org.