The California Consumer Privacy Act (CCPA), the most comprehensive data privacy law yet in the United States, was passed into law in 2018. The law took effect on January 1, 2020, and will require all U.S. companies to implement a number of initiatives in order to become data privacy compliant. Enforcement of CCPA began on July 1.
Will I have to comply with CCPA?
CCPA doesn’t cover every business that simply operates in California and has an online presence. For one, your business needs to make at least $25 million in revenue. Additionally, you need to collect consumer “personal information” from more than 50,000 users, or make more than half your revenue off user data. In other words, not all businesses must comply – only large businesses that operate in California and tick these boxes will be forced to abide by the law.
What are the penalties?
The CCPA will be enforced by the Attorney General, and companies have 30 days to comply with the law once they receive a notice of violation from the authorities. If the company does not remedy the violation, statutory damages can go up to $7,500 per violation.
Conversely, if a consumer decides to bring legal action for statutory damages regarding breached consumer information, penalties can range from $100 to $750 per violation.
So, How do I Make my Website Compliant?
CCPA is the most sweeping piece of data privacy legislation in the United States to date, and will require website designers to update their websites in order to comply with the law. In order to ensure CCPA compliance, you should keep several key points in mind:
- Notify consumers of their CCPA rights, including the right to deletion, right to know, and data portability rights
- Ensure opt-in / opt-out ability across the site
- Ease of requesting information
- Data collection and processing
- Backend design
- Special concern for minors
Here are a few simple steps you can take in order to ensure that your websites are CCPA compliant today.
Next, you should include several easy contact methods that consumers can use to exercise their rights under the new legislation, should the need arise. This can be achieved through a simple email prompt in a conspicuous “Do Not Sell My Personal Information” link on your website that directs consumers to submit an opt-out request. Under CCPA, it must be clear that an account is not required to submit the request.
It is also a good idea to include a very clear explanation of what data you collect on your consumers, how you obtain it, and what purposes it is used for. It’s very important to include a transparent step-by-step explanation of how customers can request and remove their data.
Ensure that an opt-in / opt-out Feature is Available
Under CCPA, you are not required to obtain consent. However, you do need to include an option for your consumers to opt out of personal data collection in order to comply with the law.
Secure prior consent from minors between the ages of 13 and 16 before selling data
CCPA requires you to pay special attention to data privacy for minors. If your business sells the personal information of California residents aged 13 to 16, you cannot do so without first obtaining their consent. Under CCPA, “Businesses can only sell the personal information of a child that they know to be under the age of 16 if they get affirmative authorization (“opt-in”) for the sale of the child’s personal information.”
These are only a few steps you can take to make sure your website is CCPA compliant. However, it is important that you go through the regulations themselves and make sure that your website is up to snuff. If you need any further help making your website compliant, we are happy to help.