Time Until CCPA Goes Into Effect
What is CCPA?
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) introduces new data privacy rights for California residents – forcing companies that conduct business in the state of California to implement structural changes to their privacy programs.
The law is a response to the increasing role personal data plays in business practices and the personal privacy implications surrounding the collection, use, and protection of personal information.
Failure to comply with the CCPA can result in penalties up to $7500 (USD) for each violation.
- Scan your website to detect and categorize cookies and other tracking technologies on your website.
- Customize a cookie banner and preference center and include a “Do Not Sell” link to enable users to opt-out of advertising and data collection cookies on your website.
- Automate the intake and fulfillment of California consumers' requests to access or delete their personal information.
- Track do not sell requests by various unique identifiers, such as account number or device ID, and respond within 45 days.
Who Does the CCPA Apply To?
The CCPA is not focused on the size of your business, but whether it meets certain criteria as outlined below.
The CCPA applies to businesses, which are defined as for-profit organizations that collect personal information about residents in California, determine the purpose and means of the processing, does business in the State of California, and that meets one or more of these criteria.
Consumer Rights Under CCPA
Under the CCPA, businesses must inform consumers at or before the point of collection which categories of personal information will be collected and the purposes for which these categories will be used. The CCPA also sets forth specific disclosures that businesses must include in their privacy policies, including descriptions of consumer rights and how to exercise them.
Customize your website’s cookie banner with a California-specific consent model, and include a “Do Not Sell” link that allows users to opt-out of advertising and data collection cookies on your website.
- Scan your website to automatically find and categorize your existing cookies, policies, and notices.
- Present a custom cookie banner and preference center that allows consumers to opt-in or out of cookies.
- Add a clear Do Not Sell button to allow consumers to opt-out of the sale of their personal information.
Consumers have the right to request access to personal information that a business has stored about them, and the business is required to provide details about the information that was collected.
Intake and fulfill ‘Do Not Sell’ and consumer requests for personal information access and deletion.
- Build a CCPA-specific request intake web form linked directly from your company’s website.
- Centralize all consumer access requests into a single queue.
- Define an automated triage workflow for fulfilling requests.
Enable website visitors opt-out out of the sale of their personal information and opt back in after 12 months.
- Provide consumers with the ability to opt-out of the sale of their personal information through a clear and conspicuous link on your website
- Provide a custom toll-free number to automatically intake consumer requests via phone
- Track consumer opt-outs and leverage built-in integrations to relay the information to your existing systems
- Track verifiable consumer consent and sync across systems to avoid the unauthorized sale of data
Consumers can request to have their personal information deleted, and businesses must comply with their requests. Under the CCPA, personal information includes information such as name, postal address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
Intake and track requests through a fully customizable portal.
- Build a request form using a CookiePro template with default settings and multiple languages
- Define automated workflows for fulfilling the request within 45 days
- Transmit a notification to a data subject to protect the communications and information being provided
When a consumer makes a verifiable request for access to their personal information, organizations are required to provide records covering the 12-month period preceding the date of the request. This means that your organization should already be maintaining accurate records of consumers’ personal information starting from January 1, 2019.
By leveraging CookiePro, your organization can pinpoint where personal data resides and how it’s been used over the past 12 months.
- Provide records covering the 12-month period preceding the date of the request
- Streamline your ability to act when consumers exercise their rights to information and deletion
- Manage opt outs relating to the sale of personal information