How Will the CCPA Affect Your Business?

As a user of the Internet, you’ve likely heard rumblings the past few years about privacy and the rights we have when it comes to how our personal information is collected and used.

Last year, the General Data Protection Regulation (GDPR) went into effect in Europe. The purpose of the GDPR is to provide control of personal information to individual citizens of the European Union and the European Economic Area.

At the time the GDPR went into effect, you likely received emails from brand newsletters and email communications asking you to affirm your opt-in to their email list. Though the United States as a whole doesn’t have a standard regulation, U.S. businesses conduct sales and transactions throughout the world. The email privacy notices you receive, and even the notifications by American websites of their use of cookies, is due to the GDPR—and in anticipation of this type of regulation in the U.S.

Over the last two years, California has been working on state legislation to similarly protect and provide control of individual personal information to residents of their state.

The California Consumer Privacy Act (CCPA) was signed into law in June 2018, and launches into effect January 1, 2020.

According to Wikipedia, the intentions of the act are to provide California residents with the right to:

• Know what personal data is being collected.
• Know whether their personal data is sold or disclosed and to whom.
• Say “no” to the sale of personal data.
• Access their personal data.
• Request a business to delete any personal information about a consumer collected from that consumer.
• Not be discriminated against for exercising their privacy rights.

How is Personal Data Defined by the CCPA?

The CCPA defines personal data as information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer or household such as a

• Real name
• Alias
• Postal address
• Unique personal identifier
• Online identifier
• Internet Protocol address
• Email address
• Account name
• Social security number
• Driver’s license number
• Passport number

or other similar identifiers,” according to the CCPA Wikipedia page.

What Businesses are Affected by CCPA?

The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, which does business in California, and satisfies at least one of the following thresholds:

• Has annual gross revenues in excess of $25 million;
• Buys or sells the personal information of 50,000 or more consumers or households; or
• Earns more than half of its annual revenue from selling consumers' personal information.

How do I Comply With CCPA?

• Implement processes to obtain parental or guardian consent for minors under 13 years and the affirmative consent of minors between 13 and 16 years to data sharing for purposes (Cal. Civ. Code § 1798.120(c)).
• “Do Not Sell My Personal Information” link on the homepage of the website of the business, that will direct users to a web page enabling them, or someone they authorize, to opt out of the sale of the resident's personal information (Cal. Civ. Code § 1798.102).
• Designate methods for submitting data access requests, including, at a minimum, a toll-free telephone number (Cal. Civ. Code § 1798.130(a)).
• Update privacy policies with newly required information, including a description of California residents' rights (Cal. Civ. Code § 1798.135(a)(2)).
• Avoid requesting opt-in consent for 12 months after a California resident opts out (Cal. Civ. Code § 1798.135(a)(5)).

For more information about CCPA and how it might affect your business with the citizens of California, see the CCPA Wikipedia page or Californians for Consumer Privacy. For assistance with making your site CCPA and GDPR compliant, reach out to us at SHERPA Global!