Customer data collection is a double-edged sword, and an increasingly sharp one at that. While it’s necessary for all businesses to store some level of information about their customers, technology has opened the floodgates and made collecting (and selling) data an unfortunate norm. As maintaining consumer privacy has become even more difficult, governments have stepped in to protect it. Enter the California Consumer Privacy Act (CCPA), for example. We wanted to share a little more about this law, so you understand how it might impact you and how to achieve CCPA compliance.
What Is The CCPA?
In a nutshell, this law gives people in California a better idea of what information is being collected about them online, and how it’s being used. It also allows them to find out with whom this information is being shared. So, how does that look on a practical level? Well, users have the right to ask companies what information they have about them, and to ask them to stop storing their information if they wish.
You’re probably aware of the General Data Protection Regulation (GDPR), which was enacted in 2018 in the European Union. The CCPA is somewhat in the same spirit, but it uses an “opt-out” model of information sharing, while the GDPR uses an “opt-in” model.
The CCPA applies to you if your company is a for-profit entity that does business in California and meets any of the following criteria:
- Has a gross annual revenue of over $25 million;
- Buys, receives, or sells the personal information of 50,000 or more California residents, households, or devices; or
- Derives 50% or more of its annual revenue from selling California residents’ personal information.
How Do I Achieve CCPA Compliance?
Given that the CCPA went into effect on January 1, 2020 and that penalties can be up to $7,500 per intentional violation, compliance is a must. Here’s a breakdown of how you can make sure you’re complying with the necessary regulations.
First, add a hyperlink on your homepage that says “Do Not Sell My Personal Data.” This should lead people to a landing page, which offers consumers options to request, move, change or delete data. This landing page should also clearly state the type of information you collect, how you use it, a description of consumers’ rights and more.
Facebook has its own system in place to achieve compliance with the CCPA, but you’re always welcome to take your own precautions as well. To do so, send Facebook a parameter indicating that a person in California has opted out of the sale of data or that the business has opted to have Facebook process data as a service provider. The signal is sent through an array called Data Processing Options, and it can optionally include a user’s country and state.
You may be wondering if your email marketing lists will now need to be scrubbed or changed, but we’re not seeing that that’s necessary yet. We’ll be sure to update you if we find out anything different there.
Once you’ve taken the steps we’ve outlined here, we recommend amending your contracts with your vendors and anyone who has access to information through your sites. This could mean plugins, cookies, etc., and you’ll need to make sure they’re compliant with the CCPA as well.
We know this and other consumer privacy laws can be a little bit daunting, but we’re here to help you sort through the noise. Let us know if you have any questions, or if we can help you understand CCPA compliance.