What is the California Consumer Privacy Act of 2018 (CCPA)?
The CCPA was a privacy act in California that was passed in June of 2019. It is set to take effect on January 1st of 2020.
This act granted consumers in California 5 important privacy rights that work to protect their personal information. Here are the 5 new rights granted:
- The right to request disclosure of your business’ data collection and sales practices in connection with the requesting consumer, including the categories of personal information you have collected, the source of the information, your use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold;
- The right to request a copy of the specific personal information collected about them during the 12 months before their request (together with right #1, a “personal information request”);
- The right to have such information deleted (with exceptions);
- The right to request that their personal information not be sold to third parties, if applicable; and
- The right not to be discriminated against because they exercised any of the new rights.”
This information is quoted from pillsburylaw.com
How Will This Effect My E-Commerce Website in 2020?
Law organizations say that online businesses should update their privacy policy immediately, even if the act may not directly apply to you.
The CCPA requires all businesses that fit the requirements to update their public-facing privacy policy.
How To Update Your Website For CCPA
If you are a business in California that needs to comply with the CCPA, here is a checklist of information you must include in your privacy policy:
- Include a description of the new rights granted to California residents (similar to GDPR)
- Include an explanation of how to submit a personal information request or an erasure request
- Users are now able to request a copy of the personal information your organization has collected. They are also able to request that you delete that information, much like GDPR.
- If you sell personal information to 3rd parties, you must provide an opt-out link on your website titled “Do Not Sell My Personal Information”
- You must list all categories of personal information that has been collected within the past 12 months.
- You must list all categories of personal information you have sold in the past 12 months.
- You must list all of the categories of personal information disclosed for a business purpose in the past 12 months.
This information is summarized from pillsburylaw.com, go here for more info.
Categories of Personal Information Under CCPA
The CCPA limits how specific types of personal information can be used by businesses. Here are the types of personal information the CCPA refers to:
- Identifiers (such as contact information, government IDs, cookies, etc.)
- Information protected against security breaches (such as your name and financial account, driver’s license, social security number, user name and password, health/medical information)
- Protected classification information (like race, gender, ethnicity, etc.)
- Internet/electronic activity
- Geolocation
- Audio/video data
- Professional or employment information
- Education information
Easily Comply with CCPA
With the help of the team at Enhanced E-commerce, we can help you learn everything you need to about CCPA, as well as give you suggestions towards how you can become compliant with CCPA. None of the information provided in this article is meant to be taken as legal advice, but there are suggestions we can make to help you reach compliance.