Sharing personal information online has become an integral part of life for most people. This shift has led to increasing concerns about the privacy and control of personal data.
The California Consumer Privacy Act (CCPA) is one of the recent responses to those concerns, introducing new legal requirements for companies that collect the personal information of California residents. It gives people more control over their personal data and privacy online by clearly defining consumer rights and how businesses should support them.
Read on for more information about who must comply with the CCPA, the rights it gives to consumers, and how that translates to your website.
Disclaimer: This post is purely informational and is not legal advice. Always consult your company’s legal counsel to answer any specific questions and determine the exact requirements for your website.
Does the CCPA apply to my business?
While the consumer rights outlined by the CCPA are only applicable to California residents, the regulations must be followed by any business that meets one of the following requirements:
- Has over $25 million in gross annual revenue
- Buys, receives, or sells the personal information of 50,000 or more California residents, households, or devices
- Derives 50% or more of its annual revenue from selling the personal information of California residents
There are some exceptions to the above requirements, such as nonprofits or government agencies.
What rights do consumers have under the CCPA?
The CCPA states that consumers are entitled to:
- know what personal information is being collected, as well as how it’s being used and shared
- delete personal information collected
- opt out of any selling of personal information
- exercise privacy rights without discrimination
In this context, personal information is defined as “information that identifies, relates to, or could reasonably be linked with you or your household.” (Source)
What changes should I make to my website to be CCPA compliant?
If your business falls within the requirements, you’ll need to evaluate and update your website according to CCPA regulations. Below are the key changes required by the CCPA.
Required notices & policies
In order to meet CCPA requirements, you must include the following on your website:
- A notice at or before the point of collection that explains what data is collected and how it will be used. This information should be clearly presented to the user in an obvious location. For example, you might place a link to this notice alongside forms and on your homepage.
- A link to your privacy policy conspicuously placed, such as on the homepage of your website. Your privacy policy must include specified information about personal data collection, so consult with your legal team to ensure you have the proper information included. Additionally, consider placing this in the footer of your website to ensure it’s easily accessible from all pages.
- A “Do Not Sell My Personal Information” link where users will find information about your policies and how to opt out. Like the privacy policy, this link needs to be distinct and easily accessed.
- A notice of any financial incentive for providing personal data.
Adding this information to your website might require the help of a web developer. If you are unsure of how to get this information onto your website, contact your web team to help with any technical steps.
Request management
For most businesses, at least two methods must be provided for consumers to submit a request to know or delete, with the minimum requirement being a toll-free phone number. Any requests need to be confirmed within specified time frames depending on the type of request. The identity of the consumer needs to be verified in some instances as well. Furthermore, businesses must keep records of these requests.
To ensure you’re meeting all of these requirements and responding in a prompt manner, you’ll want to develop a well-defined process for collecting and responding to customer requests. Test any forms on your website to confirm they work properly and that submissions reach the right people. Check that you have a way of recording these requests with whatever tools you are using.
If you are using marketing automation software or a content management system, there might be specific features available to help with managing these requests. If you don’t have the proper technology in place to manage this workflow, loop in your web team for help.
Accessibility
Another key aspect of the CCPA is that any of these supporting notices and policies must be accessible to all users, including those with disabilities. The CCPA documentation recommends following the WCAG 2.1 guidelines to ensure accessibility for web content.
Where can I learn more about the CCPA?
The information provided here is a high-level overview of the CCPA and what it means for your website. For more detailed information about the CCPA requirements and regulations, visit oag.ca.gov/privacy/ccpa.