WHAT IS THE CALIFORNIA CONSUMER PRIVACY ACT?
If we've learned anything from 2019, it's that privacy is serious concern. As a result, websites, programs, and apps are constantly updating user agreements in an effort to avoid disastrous data breaches – and consumers are becoming more cautious about how they share information.
Essentially, the California Consumer Privacy Act (CCPA) will help Californians maintain control over their data. It prohibits businesses from collecting their data and personal information without permission. For consumers, this is great news. For businesses? It can spell trouble, so we're empowering our clients to take proper precautions with that most valuable asset: knowledge.
DOES THE CCPA APPLY TO MY BUSINESS?
If your business interacts with consumers in California and you want to determine whether the CCPA applies, ask yourself the following questions:
- Do your annual gross revenues exceed $25 million?
- For your business’s commercial purposes, do you annually buy, receive, sell, or share (alone or in combination) the personal information of 50,000 or more consumers, households, or devices?
- Does your business earn 50% or more of its annual revenues from selling consumers’ personal information?
If any of the above applies to your business, the CCPA does too. Therefore, the law will apply whenever you're collecting or selling a consumer’s personal information.
WHAT CLASSIFIES AS PERSONAL INFORMATION?
The CCPA is very specific about what counts as personal information, but you might be surprised by what that includes. Read the CCPA's full definition here or read on for the quick version:
- Identifiers such as a real name, postal address, or IP address
- Internet or other electronic network activity information
- Geolocation data
- Using any of the above information to create a consumer profile
In short, any analytics tag loading on your website collects data that will fall under the CCPA umbrella, which means you'll need to follow the CCPA requirements.
WHAT IF I DON'T COMPLY WITH CCPA?
If your company isn't in compliance with CCPA, the penalties can add up quickly. Each individual consumer record merits a separate violation, and these violations compound. There are two types of violations:
A third-party platform may be collecting personal information from your website users without your knowledge, but you can still be held responsible. And responsibility doesn't come cheap – a non-intentional violation can carry a fine of up to $2,500 per record.
Intentionally violating the CCPA? Obviously, the fine for an intentional violation is far greater. This type of violation can cost you up to $7,500 per record.
We know what you're thinking: Yikes. But there's no need to panic. The fact that you're here reading this article means you care, and you'll have this sorted out in a snap. Understanding how your website collects and shares information really isn't so tricky. Plus, it will benefit your business in the long run.
HOW DO I MAKE MY WEBSITE CCPA COMPLIANT?
The CCPA went into effect on January 1, 2020 and enforcement will begin on July 1, 2020. This makes for a time crunch, but you can still get your ducks in a row. Prioritize the following to ensure your business complies with the CCPA:
- Be transparent. Inform your consumers if their personal information will be collected. Tell them how it will be used.
- Feature a disclosure. Notify the visitor of personal information collection on your homepage or landing page.
- Mention the CCPA. Include specific information about the act in your website's Privacy Notice.
- Make opting out easy. Give the consumer a way to refuse the sale of their personal information.
To sum up, CCPA compliance means offering your customers clarity, honesty, and privacy. Sounds pretty great to us.