Making sense of the new California Consumer Privacy Act

Effective January 1, 2020, the California Consumer Privacy Act (CCPA) will go into effect. CCPA is a law passed by California to protect the data and privacy of its residents. CCPA won’t replace current California privacy laws, but will instead function alongside them.

Why is CCPA needed?

According to CCPA, businesses have to be more upfront about how they collect website visitor data and how this data is used. In particular, CCPA requires companies to specify what data is collected and whether this data is being sold. CCPA does not mean that you can no longer sell the user information which you collect. Instead, you’ll have to go through some additional steps to comply. Also, CCPA requires consent from minors before selling their data and consumers can now prevent businesses from selling their data.

When does this go into effect?

CCPA goes into effect on January 1, 2020. Businesses will have until July 1, 2020, to fully comply.

Who does the CCPA apply to?

The CCPA applies to for-profit legal entities that do business in California and meet one of the following:

  • Have annual gross revenues over $25,000,000
  • Annually buys or receives for commercial business purposes, sells or shares, the personal information of 50,000 or more Californian consumers, households or devices
  • Derives 50% or more of its annual revenues from selling the personal information of Californian consumers.

What do I need to do to comply?

For compliance with CCPA, the following steps are recommended.

  • Update your privacy policy to clarify what data is collected and how it is used
  • Get consent from minors age 13 – 16
  • Provide a way for users to change their data
  • Verify the user’s identity when requested
  • Provide a homepage link for “Do Not Sell My Personal Data” requests
  • Record and keep all communication exchanges with consumers regarding data

What are the penalties for violating CCPA?

If you’re not in compliance with CCPA by July 1, 2020, the California Attorney General will notify you. Once notified, you’ll have 30 days to respond and comply. If you don’t meet compliance within those 30 days, you could have a civil case brought against you. In addition, you could face fines of up to $7,500 per violation.

Where can I find more information about CCPA?

Want to learn more about the CCPA? We’ve got you covered. Here are some helpful links. 

Summary

If your company needs to comply with CCPA, changes will need to be made on your website. At Echo, we can help. Please contact us at 630-300-3288 to discuss your situation or shoot us a note via our contact form.