The California Consumer Privacy Act (CCPA): What You Need to Know and Do as a Small Business Owner

Share this article:

LinkedIn
Facebook
Twitter
Email

Small business owners are an integral part of the local economy, employing many people and making up a large percentage of businesses in most regions. They’re also the backbone of their communities — they provide important services to their neighbors, participate in advisory boards, support local charities and causes, and otherwise invest a lot in the local community. The role small business plays in our society is why the California Consumer Privacy Act is so concerning. Small businesses make up 90% of all businesses in California, meaning they will be hit hardest by this new law. The CCPA will also have a much more significant impact on smaller companies than on larger ones. As such, we want to ensure you understand exactly what it means for your business if you operate as a small business owner with customers in California or if your company falls under that category for some other reason.

What is the California Consumer Privacy Act?

What is the California Consumer Privacy Act?

The California Consumer Privacy Act (or CCPA) is a new law that requires the owners of companies that collect and use personal data to protect their customers’ data privacy rights. The law was signed in June 2018 and went into effect on January 1, 2020. It will apply to all businesses operating in California and require them to fully understand the type and amount of data they collect and how they use it. The companies will also have to disclose what they do with that data, whom they share it with, and how the customer can access it and request changes or deletions. The CCPA is one of the strongest data privacy laws in the United States. It is a groundbreaking law that will significantly impact all businesses. This goes especially for small businesses. The law is so extensive that many experts believe it will cause major economic disruption and could potentially cause a significant reduction in small business revenue in the state.

What Does the California Consumer Privacy Act Require?

What Does the California Consumer Privacy Act Require?

The California Consumer Privacy Act requires that businesses collecting personal information about their customers disclose what they do with that data. They must also let the customers know whom they share the data with and how they can access and request changes to or delete their data. So, suppose your company collects and uses personal data, such as customer names and addresses, email addresses, phone numbers, birth dates, credit card information, or Social Security numbers. In that case, you need to comply with the CCPA. 

In addition, the law applies to any businesses that track specific customers’ online activities, including what websites they visit and what apps they use. It also applies to companies that analyze data based on information such as your ethnicity, shopping habits, or health conditions. The CCPA also covers businesses that create a profile based on your race, religion, sexual orientation, or political views. Businesses that offer free services are also subject to the law.

Why is it Important for Small Businesses?

Why is it Important for Small Businesses?

Smaller businesses will have a hard time keeping up with the requirements of the California Consumer Privacy Act. The law goes into extensive detail about how businesses must handle personal data, including what specific information they need to collect, how it must be stored, and which employees can access it. It also requires businesses to update the information regularly, keep a log of all the changes, and be able to export that log to customers. 

Up to speed on all these new requirements will be a significant challenge for small business owners. While the law allows some flexibility for small businesses, it also mandates that the companies have a compliance officer responsible for ensuring all data handling procedures are up to snuff. 

Smaller companies will have difficulty finding the right people for this role, while larger companies will have dedicated teams that can easily handle this new task. Additionally, legal experts expect that small businesses will struggle to meet the costs of being fully compliant with the California Consumer Privacy Act. They may need to invest in new technology, hire new staff, and purchase legal and regulatory compliance services. All these expenses, combined with the higher fees that businesses have to pay when they provide certain services to customers, will make it much harder for small businesses to survive in the state when the law goes into effect.

Whom Does the Act Apply to?

The California Consumer Privacy Act applies to any business that collects or uses personal data from California residents. Suppose you’re a business owner and sell products or services to Californians or have advertisements visible to Californians. In that case, your company will be caught by the law and must comply with it. The law also applies to companies that track Californians online, even if they’re based outside the state. Finally, the law applies to businesses that create a profile based on Californians’ ethnicity, political views, or religious beliefs.

The Biggest Challenges for Small Businesses under the CCPA

The biggest challenges for small businesses under the California Consumer Privacy Act are hiring more employees, investing in new technology, and paying higher fees. Smaller companies will have to add more staff to handle new data handling procedures, keep logs, and be able to export the records to customers. They’ll also need to invest in new technology to help them process data correctly. Finally, they’ll have to pay higher fees for certain services, such as payment processing and marketing. The law will make it much harder for smaller companies to keep up with their larger competitors with more resources and lower costs.

5 Steps to Take Now if You’re a Small Business Owner in CA

If you operate a small business in California and fall under the jurisdiction of the California Consumer Privacy Act, here’s what you need to do now: 

1. Assess your data practices 

Make sure you understand what data you collect and how you use it. Also, figure out your customers’ data, such as email addresses and birthdates. Finally, make sure you understand which data are protected under the law, as well as what data aren’t covered. 

2. Review your data security practices 

Make sure your employees follow the law when it comes to data security. 

3. Update your privacy policy

Your privacy policy is how your customers learn about the data you collect and how you use it. Make sure it complies with the California Consumer Privacy Act. 

4. Educate your employees

Ensure your employees understand the importance of protecting data and complying with the law. 

5. Communicate with your customers

Let your customers know that you comply with the law and what you do with the data they provide.

Conclusion

The California Consumer Privacy Act is a new law that will go into effect on January 1, 2020. It requires businesses that collect and use personal data to protect their customers’ data privacy rights. The law will apply to all businesses operating in California and will require them to fully understand the type and amount of data they collect and how they use it. The companies will also have to disclose what they do with that data, who they share it with, and how the customer can access it and request changes or deletions. The CCPA is one of the strongest data privacy laws in the United States. It is a groundbreaking law that will significantly impact all businesses. This goes especially for small businesses. The law is so extensive that many experts believe it will cause a significant disruption in the economy and potentially cause a substantial reduction in small business revenue in the state.

More to explore