Jan
23

CCPA Readiness and Compliance

With the enactment of California’s CCPA law as of January 1st, 2020, many companies have been left scrambling to comply, asking the question “How do we prepare ourselves?” With laws such as GDPR enacted in Europe during 2018 and similar developments in California, understanding these complex privacy requirements is becoming more and more crucial to adapting and evolving in the online landscape.

The risks after CCPA’s enforcement date of July 1st, 2020 are nothing to scoff at, with up to $7,500 in fines per violation and the risk of losing consumer trust over failure to comply. However, there are plenty of things businesses can do to prepare themselves in the coming months. Below are answers to some of the most common questions Orange142 has received regarding how to ready your business for the new legislation, and for similar laws that may follow it in the future.

What is CCPA?

The California Consumer Privacy Act is a piece of legislation brought into effect on January 1st, 2020 that gives consumers in California the right to know what data various companies have collected on them and how it is being used, and requires that consumers be given an easy opportunity to opt out of data collection should they choose. The law describes the applicable personal information as information that “could be reasonably linked, directly or indirectly, with a particular consumer.” The law will begin being enforced as of July 1st, 2020 and will apply to companies that meet any of the criteria below:

  • Anyone that does business in the state of California
  • Gross annual revenue above $25 million USD
  • Any company that processes the personal information of 50,000 or more households, residences, or individuals in the state of California annually.
  • Any business that derives more than 50% of its revenue from selling the personal information of users in exchange for monetary assets or valuable consideration.

How Does CCPA Compare to GDPR?

CCPA and GDPR are two sides of the same coin in terms of data privacy regulations, but there are some key differences between the two. GDPR’s primary goal is to receive consent prior to the collection of data, to ensure that customers are opting into the process and data is not being collected unknowingly. CCPA, however, does not require consent at the point of data collection. Instead, it requires that users are notified that their information has been collected, and that they have accessible options to learn what kind of information was collected and to remove themselves from future collection.

How to Prepare Your Site for CCPA

Getting prepared for CCPA can be achieved through a few simple steps:

  1. Make sure that your Privacy Policy is up to date and includes, in a clear and accessible manner, the various categories of information your company and its vendors collect about your site’s users. We recommend working with your lawyer to draft the appropriate verbiage for the Privacy Policy.
  2. Through a pop-up, or some other means of notifying customers once their information has been collected, direct them to your updated Privacy Policy if they wish to learn more or opt out.
  3. Provide an opportunity to opt out of data collection and a contact phone number for any user looking to inquire more about the information your company holds on them. (Must be a toll-free number)

Alert Example: “By using our website, you accept our cookie policy. Please refer to our Privacy Policy and Terms of Use for more information, or to opt out of data collection.”

Below is a link to be included in your Privacy Policy to ensure users have the opportunity to opt out. This must be added to your Privacy Policy in addition to the necessary data collection verbiage.

http://optout.aboutads.info/?c=2&lang=EN
