California Consumer Privacy Act (CCPA) Comes in from 2020, Raising the Bar for US Privacy Protection

two coworkers using a computer with a login on the screen

Is your company in compliance with the new California Consumer Privacy Act that took effect on January 1st, 2020?

Even if your business is already GDPR compliant, you could still have additional obligations you are required to follow under the new California Consumer Privacy Act (CCPA). You need to understand the CCPA if you do business in California, or with any California resident, wherever they may be.

Let us help you ensure that your company is complying with the CCPA by giving you the highlights of what this new law requires from your business.

What is the California Consumer Privacy Act?

The California Consumer Privacy Act (CCPA) was first enacted in 2018, but it didn’t start taking effect until 2020. The CCPA creates new consumer rights regarding access to, deletion of, and sharing of personal information that is collected by businesses. The regulations are similar to those required by GDPR—but stricter.

What Rights Does it Give to Consumers?

The CCPA gives consumers more rights to help them protect the privacy of their personal data, so it’s not collected and sold without their permission. CCPA gives consumers the power to:

  • Know about the information companies are collecting about them online.
  • Request deletion of their personal data if it was collected without their consent or knowledge.
  • Refuse your company’s permission to collect and sell their personal data.
  • Not be penalized with lower levels of service or higher prices because they exercise their rights under the CCPA and file a complaint.

What Companies Have to Comply?

Businesses are required to comply with the CCPA if they meet at least one of the following criteria:

  • Your company does business in California, or with people who are legal California residents, wherever they happen to be.
  • Your company’s gross annual income is $25 million or more.
  • Your company purchases, receives, or sells personal data from 50,000 or more devices, households, or individuals.
  • 50% or more of your total annual revenue is from sales of your customer’s personal data.

Recommended Reading: User Experience vs. Customer Experience: What is the Difference?

How Do I Ensure My Company is Compliant?

Your company can ensure it’s complying with the CCPA by familiarizing yourself with the law and consulting a licensed lawyer with any questions or for clarification on the guidelines. In the meantime, take these steps to help you comply:

  • Inform your customers that you collect their personal data before you collect it.
  • Make it simple for your customers to say no if they don’t want you collecting their personal data.
  • Reply to any requests or complaints within the required time frames specified under the CCPA.
  • Have a disclaimer on your site informing your customers about any financial incentives your business receives from selling their personal data.
  • Include a detailed “privacy policy” and “terms and conditions” page on your website.

Recommended Reading: Why Your Site Should Be Accessible and What You Need to Do

What Will Happen to My Company if I Don’t Comply?

Enforcement of the CCPA, including fines, has been delayed until June 2020 to give businesses plenty of time to make the appropriate changes to comply. You must prepare your website for compliance before June, or your company could be forced to pay thousands of dollars in fines.

Recommended Reading: Future Holidays Named Top Shopify Development Company by

Latest Revisions to the CCPA as of February 2020

As mentioned above, the CCPA officially went into effect on January 1st of this year, and by February, lawmakers were already making revisions. Some of the changes we saw in February were:

  • Changes to the definition and scope of “personal information” and “household.” If personal information a business collects doesn’t link to a particular consumer or household, that information won’t be considered as “personal information” under the CCPA. The definition of “household” was revised to read as a group of people who reside at the same address or share a common device or service.
  • Businesses must follow the Web Content Accessibility Guidelines (WCAG) required by the World Wide Web Consortium.
  • Pop-Ups that collect personal information that a consumer would not reasonably expect must include a notice of the information that will be collected.
  • The categories of personal information have been changed.
  • An optional opt-out button has been provided for businesses to use in addition to the “Do Not Sell My Personal Information” link.
  • If you deny a customer’s request to opt-out due to a failed verification, you must offer them the opportunity to opt-out of the sale of their data.
  • The deadlines for responding to customer complaints have been changed. Your company must confirm requests to know or delete personal information within 10 business days instead of 10 calendar days.
  • Businesses can deny requests to know or delete personal information if you can’t verify the requested information within 45 calendar days.

The above information is only some of the changes that were made to the CCPA in February 2020. You’ll want to familiarize yourself with the latest version of the CCPA and take steps to stay informed on future revisions.

Final Thoughts

Are you ready to prepare your website for CCPA compliance, but you don’t know where to start? Our team of eCommerce experts can help you make the necessary changes, so you don’t have to spend your valuable time, or money, trying to do it yourself.

We’ll work with you one-on-one to make sure your website is compliant, and we can even help you optimize it to boost your sales. Our team has helped numerous clients redesign underperforming websites, so they are aesthetically pleasing, fully functional, optimized for SEO, and engaging to your customers.

“Future Holidays went above and beyond to meet all needs, while their transparency and ability to produce high-quality work earned them our trust.”
Josh Cohen, Director of Marketing for Intelligent Blends

“Future Holidays was very straightforward and responsive. They didn’t talk to us in a coding language and explained complex subjects in simple terms. We’re happy with everything.”
Jenna Jones, Chief Marketing Officer for Edens Garden

“Future Holidays built two user-friendly sites with great UX that are easy-to-use for customers and administrators. They’re communicative and creative. Masters of their space, they never missed a deadline.”
Katie Bosworth, Marketing Manager from Huntress

Let us help you get your website in compliance with the CCPA, so you can rest easy knowing your company is following the law.

Book your free consultation now to talk to one of our eCommerce experts today.