The California Consumer Privacy Act (CCPA) is a bill passed by the California legislature and signed into law by its governor on June 28, 2018. The bill is expected to become effective on January 1, 2020. The bill was introduced and passed for the purpose of protecting and enhancing the privacy rights of California residents.
The CCPA is similar to the EU’s General Data Protection Regulation (GDPR) but with a few differences. One of the primary differences is in the definition of what constitutes personal information. While the GDPR covers any personal information collected, with the exception of data the consumer made public themselves, the CCPA covers only information supplied by the consumer and excludes any that was purchased or acquired by third parties.
What does the CCPA cover?
To enhance and protect the privacy rights of California residents, the CCPA gives them the following rights:
- Knowledge of what personal information about them is being collected.
- Knowledge of how their personal information is being used, whether it is being sold or disclosed to another, and to whom it is being given.
- The ability to disallow the sale of their personal information.
- An ability to access their personal information.
- The ability to request that a business delete any personal information it has collected about them.
- The knowledge that they cannot be discriminated against if they choose to exercise these privacy rights.
This new bill will require a change in information exchange when dealing with the residents of California. Any for-profit business that meets the following criteria will be subject to the CCPA ruling when interacting with a resident of California online.
- The business has an annual gross revenue of $25 million or more.
- The business buys or sells the personal information of 50,000 or more California residents, households, or devices.
- The business earns more than half of its annual revenue from selling consumers’ personal information.
With these criteria in place, it will be more than just California-based businesses that will need to implement a change in their security practices.
Requirements of the CCPA
The new regulations will require any for-profit business that fits the criteria listed above to be responsible and accountable for how it deals with the personal information of any consumer from California. Businesses will be required to do the following:
- Implement processes to obtain parental or guardian consent for minors under 13 years of age.
- Add a link on their website that will allow the consumer to choose whether or not they give permission for the business to sell their personal information.
- Implement a method for consumers to request their personal information from the business.
- Update their privacy policies in accordance with the rights given by the CCPA to California residents.
- Avoid requesting opt-in consent for a 12-month period after a California resident opts out.
How can you ensure you meet these requirements?
If you believe that your company is subject to the CCPA, then you will need to take steps to ensure that your website is compliant with the new law. Contact your development team so they can add the necessary opt-in features for California residents. If you are unsure of how to implement these changes, Effect Web Agency can help you determine what is needed.