The sweeping California Consumer Privacy Act (CCPA) is set to take effect Jan. 1, 2020. The business travel industry will feel its impact, as it did when the European Union’s General Data Protection Regulation (GDPR) launched in May 2018. Legal and industry experts at BCD Travel offer a Q&A primer on what the California Consumer Privacy Act will mean to corporate travel programs.
What is the California Consumer Privacy Act (CCPA)?
The California Consumer Privacy Act is one of the strictest privacy laws in the United States. It creates many new consumer rights and business obligations. California legislators passed the law in 2018; it takes effect Jan. 1, 2020.
Who does California’s new privacy law affect?
The CCPA grants consumers expansive rights concerning their personal information and imposes corresponding obligations on businesses processing that personal information. Business must comply if they process personal information from California consumers (defined as residents of the state), do business in the state of California (in person or online) and/or meet financial thresholds that apply to most global companies.
Business travelers worldwide will be protected under the California law, and many global companies will subject to its regulations, even if they don’t have a physical location in the state.
What consumer rights are granted by the CCPA?
- Data access and information requests—Like GDPR, the CCPA grants consumers rights to request access to, correction of and deletion of their information held by businesses.
- Opt out—Consumers may opt out of the sale of their personal information to third parties.
- Nondiscrimination—Businesses are prohibited from discriminating against consumers for exercising their CCPA rights.
What is BCD Travel doing to prepare for the CCPA?
As part of BCD Travel’s overall data protection program and obligation as a data controller, the CCPA will apply to BCD’s services. In addition, BCD must meet requirements that apply to businesses. BCD’s CCPA readiness plan focuses on:
- Mitigating and managing risks associated with third-party vendors
- Assessing and managing how data is collected, used and shared
- Enabling and responding to requests from travelers covered by the CCPA who are seeking to access, correct or delete their personal data
- Raising awareness among and training BCD employees to comply with the CCPA and other data privacy laws
- Reviewing and updating internal policies regularly to ensure CCPA compliance