The California Consumer Privacy Act (CCPA) is the strongest privacy legislation in the U.S. to date, which will impact businesses across the country. Set to go into full effect on January 1, 2020, the law is designed to give consumers more control over their private data.
Even if you’re not in California, you should be paying attention to CCPA. Privacy is a hot topic, especially after the high-profile data breaches from Facebook, and while CCPA may or may not affect you directly, it’s likely only the first of many privacy laws to come.
What is CCPA?
CCPA stands for the California Consumer Privacy Act, a comprehensive privacy law affecting how businesses collect, use, and share consumers’ personal information. The law was passed on June 28, 2018, but it’s hitting the news now because businesses need to comply by the beginning of 2020.
CCPA is frequently compared to GDPR, Europe’s General Data Protection Regulation, which has been forcing businesses around the world to reconsider how they treat customer data. While not as stringent as GDPR, California’s law does establish strong rights for individuals to protect their personal information.
What’s included in CCPA:
- General disclosure - you must inform consumers if you collect personal information about them, and you must include a privacy policy on your website
- Access to information - consumers have the right to know what information you’re collecting on them, how you got it, how you’re using it, and with whom you’re sharing it
- Opt-Out - consumers have the right to prevent you from selling or sharing their information with third parties
- Deletion - also known as the “right to be forgotten,” consumers can request that you delete the personal information you have on them
- Equal service - you can’t refuse service, change pricing, or treat customers differently if they choose to exercise their privacy rights under this law
Who’s Affected?
You must comply with CCPA if you are a for-profit company that does business or has customers in the state of California and meets at least one of the following criteria:
- Your annual gross revenue is over $25 million
- Your business receives, shares, or sells information of more than 50,000 individuals annually (this includes buying or renting lists)
- You earn 50% or more of your annual revenue from selling consumers’ personal information
So even if your business is based in Pennsylvania, you may still need to comply if you meet the requirements and you have customers in California. Remember, too, that anyone can visit your website, including California residents, so you may be collecting data of protected individuals without even knowing it!
How Does CCPA Impact Small Businesses?
Regardless of whether or not your business is directly affected by CCPA, you should pay closer attention to how you handle personal information now, so you protect your business for the future.
California’s law may be the first of its kind, but it’s certainly not the last. Nine other states (including Maryland and New York) have already proposed similar legislation -- and you should expect more to come. Here are a few ways you can prepare:
1. Put a privacy policy on your website
Transparency is key. Consumers are tired of having their data collected, used, and sold without their knowledge or consent, and laws are helping them take control. Put a full privacy policy on your website that tells visitors how, why, and what personal information you collect, and give them methods to request details or opt out.
2. Organize your data
Businesses need to be more conscious and organized in how they collect and store data. Especially for small businesses, data can be a bit haphazard. You may have many different lists (many of which are just Excel spreadsheets), no centralized database, and no idea where most of that information came from.
Laws like CCPA put the burden on your business to manage and report on the data you’re collecting. Keep track of all the different places where you’re collecting data like your website, in-person events, or third-party lists, and use one centralized place to store it.
3. Be cautious of where your data is coming from, and who you’re sharing it with
Under laws like CCPA, consumers will not only have the right to know where you’re getting your data, but they have greater control over who can sell or share it.
So if your direct mail, email marketing, or advertising campaign relies on buying 3rd party lists, beware. CCPA doesn’t prohibit the use of 3rd party lists, but it does give your customers the right to know if you’re buying their information - which might hurt your credibility. They also may be able to block the 3rd party from selling their information to you. In the long run, it’s better to build your own lists by collecting data directly and transparently.
Are You Ready for CCPA?
If your business is affected by CCPA and your website isn’t compliant, give us a call. We’re happy to help get your updated privacy policy on your site. Even if you’re not affected, you can get ahead of the game by updating your website now.