CCPA Website Compliance: What Is It and How Does It Impact My Website?
The California Consumer Privacy Act, or CCPA, was passed in 2018 and became effective on January 1, 2020. Given the potential for non-compliance penalties, understanding this law is vital for any business that sells to California residents. Here is what you need to know and how to ensure your company is in website compliance as part of your digital marketing strategy.
What is the CCPA?
This law’s central goal is to give consumers more control over their personal information and what businesses collect about them. With that goal in mind, the CCPA secures privacy rights for consumers in California, including:
- The right to know about the information a business collects about them and how it is used and shared.
- The right to access their personal data.
- The right to delete personal information collected from them, with some exceptions.
- The right to refuse the sale of their personal information.
- The right to not be discriminated against for exercising their privacy rights.
All businesses collecting personal information or data from California residents must comply with the CCPA. And while it may be tempting to think that only California-based businesses must comply with the CCPA, that is not the case. Any business that conducts transactions with California residents must comply, including those based elsewhere. For online vendors, this requirement also means that their website must be CCPA-compliant.
Even vendors who comply with the European Union’s General Data Protection Regulation (GDPR) must understand the differences between the two regulations to ensure website compliance. The GDPR has similar restrictions in place but with some key differences. For example, while GDPR creates a ‘privacy by default’ approach to personal information, the CCPA allows consumers to understand better how their data is being used.
Who must comply with the provisions of the CCPA?
To determine what changes must be made to your company’s website, you must first determine whether the law applies to your company. The CCPA applies to any company that collects and processes consumer data for a profit, provided that the business meets at least one of the following conditions:
- Has an annual revenue exceeding $25 million.
- Buys or sells the personal information of 50,000 or more consumers or households.
- Earns more than half of its annual revenue from selling consumers’ personal data.
The other contingency on the CCPA is that the company must complete transactions with a California resident. Many companies that participate in e-commerce will easily satisfy this criterion.
How can I make my company’s website CCPA-Compliant?
There are several key actions you can take to ensure your website is CCPA-Compliant. These include:
- Add a hyperlink to your site that users can click if they want to opt out of the sale of their data. The link must be on the website's home page and present, even if your business does not sell its customer data. It must also be clickable and easily viewed by anyone visiting your website.
- Create a landing page for the link to take customers to the information or forms they need related to privacy rights. This landing page should have information about your business and how it uses (or doesn't use) consumer information. It should also allow customers to request, move, change, or delete personal data. This page should be very direct and explicit about privacy rights.
- Provide an alternative format for consumers to alert you about their data. The CCPA mandates that companies have at least two methods for consumers to alert them of their privacy rights and decisions. As an alternative to the landing page on your website, you can also provide a mail-in address or telephone number that consumers may use to alert your business.
- Update your privacy policy. The CCPA requires that every company update its privacy policy at least once annually. It also requires that your privacy policy include the following information:
  - A description of consumer rights under the CCPA.
  - A description of at least one designated method for consumers to submit CCPA requests.
  - A list of the consumer personal information categories the business has collected, disclosed, and/or sold in the previous year.
What happens to companies that fail to comply with the CCPA?
The CCPA has several methods of enforcing its privacy regulations. First, the Attorney General of the state of California can bring legal action against any company that remains non-compliant 30 days after it has been notified of a violation. Additionally, your business could face up to $7,500 in fines for each violation or consumer. These fines can quickly add up for businesses with many customers since each one whose privacy rights were violated counts as a single violation.
Given the harsh penalties for non-compliance, it may be worthwhile to partner with a managed service provider for assistance with CCPA changes related to website compliance. To learn more, contact eGlobal Web Solutions today.
eGlobal Web Solutions specializes in marketing your business via the digital marketplace. We use search engine optimization, social and review promotion, and email marketing for all types of businesses, from local to global. We utilize various digital marketing techniques to increase your internet presence, optimize your traffic, and generate new business.