Consumers have understandably been concerned about their personal information and the ways businesses with interact with it. That concern has spawned a host of new legislation, not only in the United States, but around the globe. The recent passage of General Data Protection Regulation (GDPR) in the European Union gave consumers sweeping new rights regarding their personal information, including the requirement that they give their consent to the ways in which personal information is used. Now, new legislation in the state of California seeks to give similar rights and protections to the citizens of that state.
The California Consumer Privacy Act (CCPA) Assembly Bill 375 (AB 375), empowers California residents by enabling them to request seeing personal information saved by any company serving California residents. Not only are the companies required to show the consumer all the personal information they have but are also required to disclose any third party with whom they have shared the consumer's information. Staying well-informed on legislation for this act is extremely important as it can be amended in the future to include additional requirements or regulations. If the CCPA is violated, consumers are within their rights to legally hold the company accountable, which may result in a lawsuit and/or fine(s).
WHAT DOES THE CCPA REQUIRE?
California Governor, Jerry Brown, signed the Act into law in June 2018. The Act was born from a ballot initiative that collected over 600,000 signatures. Acts are preferred over ballot initiatives since they can be amended in the future, whereas ballot measures cannot be easily amended once initiated.
According to the California Legislative Information and Attorney General of California Department of Justice websites:
The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including:
- The right to know which personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information; and
- The right to non-discrimination for exercising their CCPA rights.
Businesses are required to give consumers certain notices explaining their privacy practices. The CCPA applies to many businesses, including data brokers.
DO THE PROVISIONS OF CCPA APPLY TO ALL ECOMMERCE BUSINESSES IN CALIFORNIA?
Not every eCommerce business in California will be substantially impacted by the new legislation. The major provisions of CCPA will, however, apply to any business (including any eCommerce business) in California if any of the following conditions is true:
- Your eCommerce business has gross annual revenues of greater than $25 million
- You buy, sell, receive, or share for commercial purposes personal information for 50,000 or more consumers, households, or devices in the state
- You get 50% or more of your annual revenues from selling consumers' personal information in California
WHERE CAN YOU GET CCPA IMPLEMENTATION GUIDANCE?
Here are two considerations for getting your business set up correctly, along with links to a few resources for facilitating CCPA compliance:
1) CCPA Toll Free
Companies required to comply with the California Consumer Privacy Act (CCPA) need a toll-free number in most cases. CCPA Toll Free is a simple, cost-effective solution for managing privacy requests from consumers (DSARs) for your business. The CCPA Toll Free solution allows you to access the 866-I-OPT-OUT privacy hotline or a dedicated toll-free number and enables you to track and manage consumer privacy requests with ease. This demonstration video provides and in-depth look at the CCPA Toll Free solution, including our privacy compliance dashboard. If you have any questions about the service, see the Contact Us portion of the CCPA homepage at www.ccpatollfree.com. CCPA Toll Free Number Solution Demo: https://www.youtube.com/watch?v=z6b_R2o_2ng&t=22s
2) Web Form Requests
Still not sure you're CCPA compliant? We'll point you in the right direction. Contact Us!
California Consumer Privacy Act of 2018: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5
State of California Department of Justice: https://oag.ca.gov/privacy/ccpa