CCPA 12-Month Look-Back Provision

We first mentioned the CCPA back in June 2018. Now everyone is finally panicking about the California Consumer Privacy Act that’s going to land in January of 2020. It’s the biggest data privacy shake-up in United States history. But why all of a sudden are companies frantically trying to gain compliance with the CCPA?

Although we are still 7 months away from the CCPA’s effective date on January 1, 2020, many organizations are racing toward compliance to meet the law’s 12-month look back provision —which requires businesses to respond to consumer requests for personal information collected or sold within the past 12 months preceding the consumer’s verifiable request.

For example, if on January 1, 2020, a consumer requests to know which personal data you hold on them, you must look to your data processing and collection activities for the past 12 months beginning on January 1, 2019.

To comply with the 12-month look-back requirement, companies must take steps such as data mapping, data inventorying, updating policies and contracts, and creating mechanisms to enable consumers to make requests for their personal information.

A failure to comply with the CCPA can result in disastrous consequences. Fines can be up to 2,500 dollars for each unintentional violation and up to 7,500 dollars for each intentional violation. Thus, under the CCPA, a violation impacting 10,000 California consumers could carry a penalty of $25 million for an unintentional violation and as much as $75 million for an intentional one.

For businesses that wonder whether the California Attorney general will enforce this new law, ask anyone who has tried buying a car in California that hasn’t been passed smog, they will quickly tell you how stringently California enforces its laws and regulations.

Rather than accept the risk of noncompliance, let us help your business reach its compliance goals today.

Skip to content