California Consumer Privacy Law CCPA coming January 2020
The California Consumer Privacy Act (CCPA) comes into effect in 2020 and the exact language of this privacy bill will change but... the core concept won't change: offer customers access to, control over, and protection of personal data.
GDPR and CCPA are changing online business.
Compliance measures should be put in place now. Companies need to ensure that they obey CCPA when they collect, use, sell, and share consumer data. The consequences include stiff fines.
The severe penalties and financial harm that noncompliance of this bill result in apply to large businesses, but even small businesses should prepare for it (Note that CCPA does not apply to nonprofits). And while CCPA privacy rules do not apply to you small business and nonprofits yet, there is a good chance that similar rules will sometime soon.
There is the possibility that some requirements will nevertheless apply to a small business (e.g. if that company is considered a service provider by a larger business covered by the law). So even small businesses should determine if they have CCPA obligations directly or because they have contractual obligations flowing from a business.
Small businesses may not face the compliance burdens under CCPA but many small businesses must nevertheless be prepared to enhance their privacy protections as the law comes into effect at the beginning of next year. CCPA provides small businesses with an incentive thinking about how they process and protect customer personal data.
How to comply?
Start by asking:
- What kind of personal information you are collecting and/or processing
- How are you collecting and processing it
- Why do you need it and what are you using it for
- Who are you sharing the personal data with or selling the data to
- How can consumers access, change or delete any personal data that you possess
- How will you verify the identity of the individual or household making the request
- Once you understand your data collection this should be communicated via an online privacy policy in order to ensure a CCPA-compliant website.
- CCPA requires your website to have an opt-out checkbox and a “Do Not Sell My Personal Information” link on the homepage. An opt-out checkbox must be placed everywhere your website collects data, e.g. e-newsletter subscription forms.
Homepages must feature a conspicuous “Do Not Sell My Personal Information” link, making it clear to CA consumers they can ask companies to stop trading their personal data.
If your website has already become GDPR compliant then most of the work has already been done. Take a look through your entire site to ensure language on cookies, Privacy Policy, data collection and opt-in/out disclaimers all conform to GDPR and CCPA.
Summary of website changes to make for CCPA compliance:
- Update Privacy Policy
- Include Opt-Out check boxes where data is collected
- Provide cookie notifications
- Publicize easy access to personal data
- Create a system to verify the identities of anyone requesting user data
- Develop a notification system to alert users of privacy policy changes or data breaches
Please contact Kahl Consultants soon if you would like additional assistance with CCPA compliance.
See also:
https://www.csoonline.com/article/3429580/what-is-the-ccpa-and-why-should-you-care.html
