As we near the end of the year, keep in mind that the California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020. When California signed the CCPA into law in June 2018, it became the first state in the U.S. to work towards protecting the privacy of American consumers. Even if your business is not located in California, it is important to take the time to find out if it needs to comply with the CCPA’s requirements.
The CCPA gives “consumers” (defined as natural persons who are California residents) four rights that allow them to exert more control over their personal information:
- The right to know what personal information a business is collecting about them, where it is sourced from, what it is being used for, whether it is being disclosed or sold, and to whom it is being disclosed or sold. All of these disclosures should occur within a privacy policy or upon request by the consumer.
- The right to “opt-out” of allowing a business to sell their personal information to third parties. Consumers who are under 16 years old must opt-in in order to allow their personal information to be sold, and businesses must obtain the consent of a parent or guardian for children under the age of 13.
- The right to request that a business delete their personal information, with some exceptions. The businesses must let the consumers know that they have this right.
- The right to receive equal service and pricing from a business, regardless of whether or not they exercise their privacy rights under the Act.
If your business is not located in California but makes sales in the state, it may be likely that your website will also have to be in compliance with the CCPA. If your business meets at least one of the following criteria, then the CCPA applies to you:
- The business must generate annual gross revenue in excess of $25 million,
- The business must receive or share personal information of more than 50,000 California residents annually, or
- The business must derive at least 50 percent of its annual revenue by selling the personal information of California residents.
Nonprofit businesses, as well as companies that don’t meet any of the three above thresholds, are not required to comply with the CCPA but should start seriously considering making their website compliant.
If you want to make your website CCPA complaint, contact us today and we can help get you started.