The California Consumers Protection Act passed in 2018 that was put in place as a protection for personal data. This law was adopted because of the increase in the use of personal information in business practices. This law was passed in 2018 and officially takes effect as of January 1, 2020.
What does the CCPA do?
-The right to know what personal information is collected, used, shared, or sold.
-The right to opt out of the sale of personal data.
-The right to delete any personal information that is held by businesses.
-The right to non-discrimination when a consumer exercises their rights.
So what does all of this mean for you as a B2B business manager, and to who does it apply?
The CCPA applies to any company that falls under the following:
- Collects data from 50,000 or more California residents, households, or devices
- Has annual gross revenue above 25 million
- That makes at least 50% of their yearly revenue from sales to California residents
What qualifies as personal data?
According to the CCPA, personal data is any information that can identify, describe, relate to, or be linked to a particular consumer or household. This may include information such as name, email, IP address, geolocation, and employment information, among other data. However, publicly available information is not considered personal data under CCPA.
Consent
This act does not require that you have prior permission to collect data, but it does require that you obtain prior consent from minors before selling their data. For children under 13, permission must be obtained from parents or guardians; for minors ages, 13-16 consent can be given on their own.
Selling Data
While the CCPA does not prevent you from selling your users’ data, it does force you to allow users to opt out of their data being sold. Compliant websites must include a “Do Not Sell My Personal Data” link on their homepage so that users can easily opt out of having their data sold.
Selling Data
While the CCPA does not prevent you from selling your users’ data, it does force you to allow users to opt out of their data being sold. Compliant websites must include a “Do Not Sell My Personal Data” link on their homepage so that users can easily opt out of having their data sold.
How to make a website CCPA compliant?
There are specific requirements that need to be met by businesses to be compliant.
- Privacy policy with information on how and why personal data is collected.
- A privacy policy that includes information for your users to request access, change, or deletion of any personal data you have collected.
- Include a verification method for users making requests to verify who they are.
- Include a “Do Not Sell My Personal Information” link on the homepage.
- Obtain prior consent for selling minors’ personal data.
Privacy Policy
A website’s Privacy Policy is a document on your website that detail how user data is used and collected. The CCPA requires that you be transparent about your data collection and usage, and the best way to do this is through your privacy policy.
Consent From Minors
CCPA requires that permission be obtained before selling minors’ personal information. For children, age 13-16 consent can be from them, but for those younger than 13, it must be obtained from a parent or guardian. Consent for minors is obtained by asking these visitors whenever they come to your website. Failure to obtain permission to sell a minor’s personal data can result in fines. Ensure that you are keeping proper documentation of both users who allow and deny the selling of their data.
Easy Contact and Verification
The CCPA grants California residents the right to access and protect their personal data, and it is your responsibility to make it easy for them to reach you about this. You must have two or more methods available for consumers to contact you concerning their personal data. Whenever individuals contact you with personal data-related requests, you have a responsibility to verify that they are indeed who they claim to be. Issues like data breaches and phishing have made it easier for fraud to be committed online. Businesses have the responsibility of verifying the identity of the individual and making any request involving personal information.
Make Sure You Are Compliant
The CCPA will impact a large number of companies in the country. Websites will require updates both on the front and backends in order to be compliant with this regulation. When managing the necessary updates for your website, make sure to work with an experienced professional. Make sure that all requirements needed for your website to be compliant are met correctly. At Right On Tech, we have the know-how to get you fully compliant with the CCPA. Contact us for a free consultation today.