The California Consumer Privacy Act
What is the CCPA?
The California Consumer Privacy Act (CCPA) grants new rights to California residents by regulating the access to, deletion of, and sharing of personal information (information that describes, identifies, relates to, or could reasonably be linked to a particular individual) that is collected by businesses.
California residents have the right to:
- Know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
- Delete personal information held by businesses and by extension, a business’s service provider;
- Opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.
- Non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
Applicability
The CCPA covers for-profit entities that (1) have gross revenues exceeding $25 million per year, or (2) buy, receive, sell or share personal information of 50,000 or more consumers, households or devices per year, or (3) derive at least half of annual revenue from the sale of personal information.
Although the Long Beach Community College District (LBCCD) is a non-profit entity, the CCPA may apply to some district activities (e.g., collaborative efforts with for-profit institutions regarding marketing) as California authorities begin to interpret or amend the law.
Protecting Your Privacy
LBCCD is committed to protecting your personal information against unauthorized access, use, disclosure, disruption, modification, storage, transmission, or destruction. As part of a public higher education system, your privacy is protected by several federal and state statues including the Family Education Rights and Privacy Act (FERPA), and the Gramm-Leach-Bliley Act (GLBA).
In accordance with these mandates, LBCCD actively (1) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of private information, and (2) assesses the sufficiency of any safeguards in place to control these risks.