CCPA Enforcement Date Checklist
January 1, 2020 was the official effective date of the California Consumer Privacy Act (CCPA), but July 1, 2020 is the official enforcement date. In this post, we’re breaking down the CCPA for you and covering what it’s about, who it affects, and best practices for compliance.
What is the CCPA and who does it impact?
The California Consumer Privacy Act is intended to strengthen privacy rights and consumer protection for residents of California. If a business that collects the personal data of individuals meets one or more of the following conditions, they must adhere to the CCPA:
- Earns $25 million or more in revenue annually.
- Processes data of 50K or more consumers, households, or devices.
- Derives at least 50 percent of its annual revenue from selling personal information.
How do companies comply with CCPA?
The process of compliance with CCPA begins with understanding the importance of consumer rights and finding ways to protect those rights.
Understanding consumer rights such as access, data portability, deletion, sharing/selling disclosures, and opt-out or opt-in, are critical when responding to consumer rights requests. Companies should update rights management procedures, update their privacy policies, and develop a process to automate these requests in order to reduce the cost, time, and resources associated with manual fulfillment.
What are the benefits of CCPA?
The CCPA incentivizes companies to implement privacy by design to protect the data they collect and share. Increased transparency benefits a business’s reputation, especially as regulations evolve.
Do the California Attorney General’s newly proposed revisions change anything?
The latest operating rules are similar, however, when combined with the CCPA, nearly every part of privacy compliance is modified. If the Office of Administrative Law does not complete the review process in the expedited timeline, then only the “basic” CCPA will be enforced which does not include the operating rules.
What’s the difference between the CCPA and CCPR?
The California Privacy Rights Act (CPRA or CCPA 2.0) expands upon the privacy protections introduced by CCPA. It creates new privacy rights such as allowing consumers to stop businesses from using sensitive personal information and safeguarding children’s privacy by tripling fines associated with collecting and selling of a child’s private data. As this new Act plays out, we’ll be sure to keep you up to date!
If you’re just now implementing your CCPA strategy, here are the top things to consider:
- Understand what the CCPA is and if it applies to you
- Determine what data is collected from California consumers and for what purposes they are used
- Inform visitors what personal information is collected when visiting your website
- Offer an online form for consumers to access, request deletion, or opt-out of sales of their personal information
- Add a “Do Not Sell My Personal Information” link to your the homepage of your website and any page that may collect personal data
- Create a toll-free number for consumers to make consumer rights’ requests over the phone
- Maintain detailed, ongoing consent records for compliance
- Develop a process to respond to consumer requests within 45 days from when the request was made
- Obtain opt-in consent from children between ages 13-16 to sell their information; a parent or legal guardian required to opt-in on behalf of children under 13 years old
- Provide consumers who exercise their privacy rights the same products and service quality
CCPA Cookie Banner Best Practices
We recommend including the following when creating a cookie banner for CCPA:
- A button to accept or decline cookies. Although the CCPA doesn’t require consumers to opt-in to cookies before the website can drop cookies, it’s considered best practice to still inform the user about the data it collects. The cookie banner can include a link to a cookie settings page where the user can choose to opt-in or out, as well as view exactly what cookies they’re consenting to.
- The consumer must have the ability to withdraw consent for the sale of their personal information at any time in an easy-to-find spot on the website.
Get Started Today
Whether you’re just getting started or have a CCPA privacy strategy in place, there’s always room to improve! Leveraging CookiePro makes it a breeze to follow numerous regulatory guidelines.
Looking for a more detailed CCPA checklist? We have you covered. Download the CCPA checklist our team put together to help you navigate the CCPA.