<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=654132&amp;fmt=gif">

Amazon’s Record-Setting Privacy Fine: What You Need to Know

Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corporation by the European Union fine for processing personal data in violation of the bloc's GDPR rules. This action foreshadows a privacy climate in which enforcement will be the norm, trending away from the spotty enforcement of the past.

All Posts

A Guide to the CCPA Right to Opt-Out

Does your business collect, maintain, and/or use customer’s personal data? Does your business operate in California? If you answered yes, you must be in compliance with the CCPA beginning on January 1, 2020.

Under this act, consumers have 5 specified rights. One of the rights is to opt-out of having their information kept or sold. Learn about the actions you need to take to help ensure you are in compliance.

Consumer Rights Under CCPA?

The CCPA will require that all businesses update their online privacy policy before January 1, 2020. The Act gives “consumers” five rights regarding their PI.

1. Right to Request Disclosure

The consumer can ask the business to disclose what PI the business collects. He/she can also ask to know about the sales practices associated with their PI. This includes:

  • All PI you have collected
  • Source of the information
  • How you use the information
  • If you disclosed or sold PI to a third party
  • Categories of PI that's disclosed or sold to third parties
  • Categories of third parties that received the information

Businesses need to put processes in place now to be able to answer these consumer questions.

2. Right to Request a Copy

Consumers may ask the company to provide a copy of the specific PI collected. The organization must provide this information for the previous 12 months from the time of the request.

3. Right to Deletion of PI

The consumer may request the deletion of their PI. There are some exceptions to this right.

4. Right to Request PI Not Be Sold

Consumers may ask the business to not sell their PI to third parties.

5. Right to Nondiscrimination

The consumer has the right to protection from discrimination. Thus if they ask for the deletion of their PI or not to have it sold, the business must still provide products and services to them.

What Is PI Under the CCPA?

The CCPA defines personal information as anything that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly with a particular consumer or household.”

Many data elements meet PI definitions including:

  • IP address or data that identifies a specific individual
  • Electronic network information such as browsing histories, search histories, and consumer’s interaction with websites, applications, or advertisements
  • Any information collected via audio, electronic, visual, thermal, or olfactory media
  • Data that provides geolocation information

The CCPA also includes information that can be “inferred” from data elements. For example, creating a customer profile showing their preferences, characteristics, psychological trends, and behaviors. This law also includes inferences of consumer preference, predispositions, attitudes, intelligence, aptitudes, and abilities.

PI extends to name, addresses, social security, driver’s license, and passport numbers. Biologic data such as genetic markers are also considered identifiable information as well.

Can Consumers Opt-out?

The CCPA provides consumers with 5 rights. The third right allows customers “to say no to the sale of personal information.” This is also called the “Do Not Sell My Personal Information” or the right to opt-out.

This consumer right may have a significant impact on your company. Most often you must follow this request. You must have policies and procedures in place before you ever receive a request.

Your system must allow you to identify the location of every piece of PI. You must ensure that third-party partners have these systems in place as well. When you receive this request, you must track your actions and prove that you complied.

The CCPA defines “affirmative authorization” as an action showing the intentional request by a consumer to opt-in to the selling of their PI. If the consumer is under the age of 13, further rules apply. A parent or guardian may consent to the sale of a child’s PI but must follow the rules in section 999.330.

If the consumer is 13 years or older, he/she must first clearly request to opt-in and then separately confirm their opt-in choice.

Do All Companies Have to Comply with CCPA?

California businesses are not all subject to the CCPA law. This act only applies to organizations that earn at least $25 million each year or if 50% of revenue results from the sale of personal data.

CCPA also applies to businesses that buy or sell PI for more than 50,000 consumers or households.

All collected data is not treated the same under the CCPA law. Any information collected twelve months before 2018 is exempt from the provisions of the Act. Also, PI for children under the age of 16 can’t be sold to another party unless the parent or guardian consents to opt-in.

Organizations must increase cybersecurity to protect PI unauthorized release to a third party. This may occur through theft or access by an employee not cleared to access or transmit data.

Are You Worried About Meeting CCPA Compliance?

With the advent of data privacy rights laws, many businesses aren't equipped to meet all the regulations. Truyo helps companies to efficiently and securely manage regulatory compliance. We also ensure that your customer satisfaction isn’t affected.

Truyo makes sure that you and your customers receive your full data rights and manage consents. We will help you with consumer requests such as opt-out. Contact us today to schedule your demo.

About Truyo
Powered by IntelⓇ, Truyo is the automated answer for enterprises seeking to deploy truly integrated SAR, consent, and other data privacy rights processing capabilities that scale with your needs, deliver conspicuous compliance, and adapt to new privacy regulations as they emerge.
Recent Posts

Amazon’s Record-Setting Privacy Fine: What You Need to Know

Last month Amazon was hit with the highest personal data fine to date. A whopping $886.6 million (746 million euros) fine was levied against the corpo...

Say Hello to House Bill 376, the Proposed Ohio Personal Privacy Act

Ohio is joining the likes of Massachusetts, New York, and Texas by introducing a privacy bill. The Ohio Personal Privacy Act (House Bill 376) would ap...

The Colorado Privacy Act Has Passed, What's Next?

It is official - Governor Jared Polis has signed the bill making the Colorado Privacy Act the latest enacted state legislation, joining California and...

Colorado House Votes on SB190, Senate Reconciliation is Next

Updated 6/9/21 @ 11am: The Colorado Senate unanimously voted 34-0 on concurrence and final passage of SB190. It now heads to Gov. Polis, who will have...