What is the California Consumer Protection Act?
The CCPA is a piece of legislation that was passed in 2018 and will go into effect January 1, 2020. It is very similar to the European Union’s GDPR. The act provides consumers with rights regarding their personal data that is collected, stored, and distributed by companies covered under the CCPA. This also creates regulations around what consumer information is deemed “personal information” and requires companies to allow consumers to know what information has been collected and the option to opt out of the sale or use of their personal information.
What companies does it affect?
The CCPA essentially covers three categories of businesses. All companies that have more than $25 million in gross revenue, all companies with data on 50,000 consumers or more, and all companies that make more than 50% of their revenue by selling consumer data are covered by the CCPA. Any company that is covered by one of these qualifications and is either in California or sells to residents in California must adhere to the law’s requirements. This means that even though it is a state law in California, it will affect companies nationwide.
What rights does it give consumers?
According to the American Bar Association, the CCPA gives consumers five new rights in respect to their personal information.
- “Consumer Right to Know” – This gives consumers the right to request what personal information has been collected and what personal information has been sold or used by a company. The CCPA requires companies to provide consumers with this information when it is requested.
- “Consumer Right to Delete” – Consumers have the right to request that a company delete any personal information they have collected on the consumer. Businesses covered by the CCPA must honor these requests and delete the consumer’s personal information.
- “Consumer Opt-Out from Sale of Personal Information” – This gives consumers the right to “opt-out” of their personal information being sold by the company. Companies covered under the CCPA are required to provide a clear method of choosing to opt-out, including a button titled “Do Not Sell My Personal Information” on their website and a toll-free number that can be used. Covered Companies must then wait at least 12 months before requesting re-authorization of selling the consumer’s personal information.
- “Consumer Opt-In for the Sale of Personal Information of Minors” – This requires that a covered company have permission from a minor’s parent or guardian to sell personal information collected on the minor. Without the authorization of a parent or guardian, their information cannot be sold.
- “Non-Discrimination for Exercise of Consumer Rights” – The CCPA requires companies to no discriminate against consumers who have exercised their rights regarding the collection and use of their personal information.
The CCPA gives consumers more control over their personal data than any other data privacy law currently in effect in the US.
Making Your Business CCPA Compliant
Becoming CCPA compliant might seem like a big headache for most businesses. We are here to make your preparation for this new legislation smooth. Here is a list of things you can do to work towards making your business CCPA compliant.
- Provide directions on how to submit a personal information request. Any covered business is required to provide at least two methods of submitting and receiving personal information requests; at minimum a link on your website and a toll-free number should be provided.
- Option to Opt-out. If you are a covered business and disclose or sell personal information to a third party (what is deemed a “sale” under the CCPA), then you must provide a method for consumers to opt-out. This method must be in the form of a button labeled “Do Not Sell My Personal Information” that will redirect the consumer to a webpage where they can opt-out of their information being sold.
- What is done with the information? You must provide a list of all categories of personal information that has been sold in the past 12 months as well as a list of all categories of personal information that has been disclosed for business purposes in the past 12 months.
Still unsure on how to make your website CCPA compliant? Contact us and we can help!