The California Attorney General attached a Standardized Regulatory Impact Assessment (SRIA) of the economic impact of the draft California Consumer Privacy Act (CCPA) Regulations to the draft regulations. Some key takeaways:
Either 50% or 75% of all California businesses that earn less than $25 million in revenue will be covered under the CCPA.
1. The small fraction of technology and operations costs that will directly exceed an average business' or service provider’s interpretation of the CCPA due to the specificity of the regulations.
2. The costs of complying with the Department of Justice's 90-day look back requirement for firms selling personal information to third parties.
The incremental compliance cost associated with this regulation is the extra work required by businesses to notify third parties that further sale is not permissible. Businesses that sell personal information will need to retain records to track these sales and must allocate resources to communicating with third parties once an opt-out request is made.
3. The more detailed training requirements for firms handling the personal information of more than 4 million California consumers.
4. The more detailed recordkeeping requirements for firms handling the personal information of more than 4 million California consumers.
For this, it is estimated that each company will incur a labor cost of $984/year and that the total cost for businesses assumed to exceed the 4 million consumer threshold would be $9.7 million per year.
5. Verification Costs
Regarding financial incentives, the draft regulations are essentially telling businesses that they can use whatever method they prefer to calculate the value of the consumer information, so long as there is an actual method developed that is reasonable.
California Attorney General’s CCPA Regulations: What Do They Mean for Your CCPA Compliance Prep?
Deidentification CCPA Style: What Can Businesses Operating in California Learn from GDPR Guidance?
If at First You GDPR, CCPA, CCPA Again