The California Consumer Privacy Act of 2018 was approved by the California State Governor on June 28th 2018 and went into effect on January 1st 2020. This is considered to be the absolute toughest data privacy law in the United States. ¹
The California Consumer Privacy Act (CCPA) gives consumers more control over the personal information that businesses collect about them. Under the CCPA personal information is regarded as;
‘…information that identifies, relates to, or could reasonably be linked with you or your household. For example, it could include your name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inferences from other personal information that could create a profile about your preferences and characteristics.’ ²
This law gives Californian consumers more control and secures them new rights including:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights. ᵌ
This last point means businesses cannot discriminate against consumers for exercising their rights and protects them from receiving reduced service or functionality as a punishment for doing so. Businesses also cannot make consumers waive these rights, and any contract provision that states otherwise is unenforceable.
The CCPA, however, is not a blanket covering all businesses operating in California or those who deal with Californian consumers. It only applies to companies that meet certain criteria. The CCPA applies to for-profit businesses who do business in California and meet any of the following criteria:
- Have a gross annual revenue of over $25 million;
- Buy, receive, or sell the personal information of 50,000 or more California residents, households, or devices; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information. ⁴
These criteria apply to a staggering number of US based businesses and an unknown number of international ones. Using data from the US Census Bureau, IAPP (The International Association of Privacy Professionals) worked out how many companies this would affect stateside. Working with data from 2015 they arrived at a grand total of 507,280 mostly small to medium sized enterprises ⁵, so the number of businesses affected will be even larger today.
It is important for individuals to feel confident and respected when sharing their data with businesses. Businesses need to demonstrate that they are following the laws as set out in the CCPA.
One business sector that requires people to share their personal information is lone working solutions. As the systems need worker’s name, phone number and location in case of an emergency, companies need to know their data is being used appropriately.
Ok Alone is an enterprise level solution for lone workers and adheres to all applicable privacy laws, endeavouring to use best practice whenever possible.
Every person whose data Ok Alone uses has the right to request deletion, updating, correction, or the full record of their data. To enable this, each Admin Monitor can add, edit, update and delete Worker’s personal information in the system. If there is a particular element of data the Monitor cannot edit, update or delete, they can also email OK alone directly to request specific data is removed from the systems.
Ok Alone takes data privacy very seriously, making sure internal access to customer’s personal data is on a need to know basis. All users with access to personal data have individual logins and standard industry security practices are maintained.
Ok Alone customers also have a great deal of control over which people internally see personal data. There are three levels of user access rights for the Monitors, each of which grants different access to personal data. Workers do not have access to personal data. All interaction between Workers and the system occurs through an encrypted connection with the app. Combined, this ensures people’s data stays private.
1 – https://www.americanbar.org/groups/business_law/publications/committee_newsletters/bcl/2019/201902/fa_9/#:~:text=The%20California%20Consumer%20Privacy%20Act%20of%202018%20was%20approved%20by,effect%20on%20January%201%2C%202020.&text=This%20prompted%20the%20California%20legislature,control%20of%20their%20personal%20information.
2, 3, 4 – https://oag.ca.gov/privacy/ccpa
5 – https://iapp.org/news/a/new-california-privacy-law-to-affect-more-than-half-a-million-us-companies/