<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=5678177&amp;fmt=gif">

    What Australian Companies Need to Know to Comply with CCPA

    by Michael Williams
    4 min read
    california republic flag

    Australia is a significant participant in the global economy, with Australian-based companies employ over 15,000 Californian residents and many selling products and services to consumers in the state.  With the California Consumer Privacy Act (“CCPA”) now in effect, Australian companies need to understand whether they’re in scope, how to comply and how to position themselves as other US states consider or enact data privacy legislation.  Given that the  Australia Privacy Act has been on the books for a number of years, many Australian companies already have a solid data privacy footing, however those companies subject to CCPA should get familiar with the regulation so they can avoid significant financial penalties.

    Who Does CCPA Affect?

    Clym has published a number of articles regarding  CCPA’s application to businesses and what certain companies should know, to summarize CCPA affects companies:

    1. Earning annual gross revenue greater than $25 million;
    2. Buying, receiving, collecting, selling or sharing for commercial purposes the personal information of at least 50,000 consumers, households or devices, whether alone or in combination; or
    3. Deriving at least 50% of its annual revenue from the sale of consumers’ personal information.

    It’s important to remember that this is an “or” test, meaning that if your company only needs to exceed one of these thresholds to be in scope of the regulation.

    What is Personal Information?

    Personal information includes “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Examples of personal information include, but are not limited to: name, email, phone number, and IP address, among others.

    CCPA applies to all categories of personal information that are collected by a business that falls within the law’s scope from its customers. Under CCPA, any natural person that is resident of the state of California is considered a customer. CCPA excludes “aggregate consumer information” from personal information categories. “Aggregate consumer information” means data that is, “not linked or reasonably linkable to any consumer or household, including via a device.” Additionally, it also excludes information that is publicly available from local, state or federal records. 

    What Should Australian Companies Do to comply with the CCPA?

    If your company is subject to CCPA, you should take the following four steps to start your CCPA compliance:

    1. Update and publicize (at a minimum, on your website) your privacy policy. Make sure your updates are consistent with CCPA requirements as they differ from APA, GDPR and other data privacy regulations.
    2. Review your data security and privacy protocols to ensure they’re reasonable per CCPA requirements.
    3. Provide a mechanism for consumers to make  data subject access requests and opt out of the sale of their personal information.
    4. Prepare for privacy rules in other jurisdictions where you are currently or are planning to do business (e.g., New York, Europe, Brazil, or other regions).

    What Happens If My Company Doesn’t Comply with the CCPA? 

    If your company is subject to CCPA and doesn’t comply with the regulation, the financial penalties of noncompliance can be severe and crippling from both a penalty and financial resource perspective.

    How can Clym help with CCPA compliance?

    Clym believes in striking a balance between digital compliance and your business needs, which is why we offer businesses the following:

    • All-in-one platform: One interface combining Privacy and Accessibility compliance with global regulations, at an affordable price;
    • Seamless integration into your website;
    • Adaptability to your users’ location and applicable regulation;
    • Customizable branding;
    • ReadyCompliance: Covering 30+ data privacy regulations;
    • Six preconfigured accessibility profiles, as well as 25+ display adjustments that allow visitors to customise their individual experience.

    You can convince yourself and see Clym in action by booking a demo or reaching out to us to discuss your specific needs today.