What is the CCPA and how does it impact me?

By now you have probably heard of the California Consumer Privacy Act, most commonly referred to as the CCPA. If you are like me, you are probably wondering what the CCPA is and whether it impacts you or the advertisers you work with. There is a wealth of great knowledge to be found on this topic online; my hope is to shed some light on the history of the CCPA, its impact on websites and, finally, our recommendation moving forward.

History of the CCPA

The CCPA passed in November of 2018 as a substitute bill for the Consumer Right to Privacy Act of 2018, which originated in early 2018. Interestingly enough, the CCPA is actually a pared-down bill that was passed as part of an agreement to remove some of the more restrictive text from the original Consumer Right to Privacy Act. The CCPA was approved by the governor of California on June 28, 2018, and the bill goes into effect on January 1, 2020. This bill continues to evolve and may look a bit different by the time the California Attorney General can begin enforcement on July 1, 2020. You can read more about this here. The question many are asking is: does this bill apply to me? Should I even be concerned about it?

If your business meets any of the criteria below, then you will be affected by the CCPA. Remember, if you are a business that has customers in California, then these criteria apply to you as well.

  • Any business that has more than $25 million in revenue, or
  • Any business that derives 50% or more of its annual revenue from selling consumers’ personal information
    • e.g. selling a consumer’s personal information to another business for money or other valuable consideration
    • More information is available in this post by the IAPP
  • Any business that does any business in California

How does the CCPA Impact Websites?

The impact of the CCPA will vary based on the nature of your site and where your site visitors reside. If your website qualifies based on the criteria above, here are 5 things you will need to do to ensure that your website is CCPA compliant:

  1. Update your privacy policy to explain how and why personal information is collected and processed, and what information that is.
  2. Update your privacy policy to tell your users how they can request access to, changes to, or removal of the personal information that was collected.
  3. Provide a way to verify the identity of the person making these requests.
  4. Add a “Do Not Sell My Personal Information” link on your website’s home page.
  5. Make sure to get prior consent from minors aged 13-16 before selling their personal data. You have to get prior consent from the parents of any minors younger than 13 years old.

Source: https://secureprivacy.ai/what-is-ccpa-and-how-to-become-compliant/#websitecompliance

One very important thing to keep in mind is that, as the law is currently written, you cannot discriminate against anyone who requests that their information be changed or deleted.

Here is One Thing You Should Know about the CCPA

The FTC will begin enforcement on July 1, 2020. However, since the bill went into effect January 1, 2020 in the state of California, consumers can ask, and are already asking, how their information is used. Oftentimes they are requesting that their information be erased. Make sure you have a plan in place for how you will respond to these requests.

While California may have been the first state to put a bill into law, it certainly will not be the last: as many as 10 other states, including New York, Nevada and Maine, are already working to create their own laws. This article provides some excellent insight about what states outside of California should know about the CCPA. Stay informed of the latest changes to the CCPA and other privacy initiatives (e.g. browser updates) to make sure you don’t fall behind or, worse yet, compromise your site visitors’ trust by not keeping your website up to date. Knowledge is power, and staying on top of these laws and knowing what changes you will need to make to your website to remain compliant will be essential to your survival in 2020 and beyond.

Here are the three things the CCPA requires that consumers be able to do:

  1. Opt out of the “sales” of their personal information
  2. Access what information has been collected on them
  3. Request to have their data deleted

Source: https://advhelp.rakutenmarketing.com/hc/en-us/articles/360038592091-CCPA-Compliance-Options-for-Advertisers

Here is our recommendation

We are not lawyers, nor do we portray them on television. Our non-legally binding recommendation regarding the CCPA is to make sure your site is compliant. Stay up to date on privacy laws, including the CCPA. While this law may not have a large impact on your business, other bills are coming, and I am guessing we will soon see them nationwide as more states follow in California’s footsteps. Ensuring compliance now could cost your company money in the long run.