In 2020 a new California law goes into effect. This new law is called the California Consumer Privacy Act. The CCPA (as it’s called for short) is intended to help consumers have control over their personal data, protect their personal data, and give them insight into what companies do with their customer data. This new law is very similar to the GDPR (General Data Protection Regulation) law that went into effect in the European Union in 2018.
Long story short, both laws are intended to give consumers some control over what businesses do with their data, and to let them request that a company not store their consumer data, not act upon that consumer data, or remove it outright. It’s INTENDED for that. But in practice it doesn’t mean much.
Are you familiar with the “This Site uses Cookies.” prompts that you get on websites when you first go to them? Those are from sites that are already GDPR compliant. That also now applies to websites that need to be CCPA compliant.
There is a little more to it than that. Basically, if a consumer contacts you and asks, you legally have to remove their customer data from your site, stop using their customer data to target them with ads, or not sell their data to another company. Oh… and you need to have a privacy policy on your site too.
What companies need to comply with CCPA?
- When you make $24 million profit per year.
- You have more than 50,000 lines of personal data from households, persons or devices. This means that if your site is receiving at least 50,000 visitors a year you will have to comply, as you’re gathering IP addresses, placing tracking cookies, etc.
- Also, when half of your profit consists of selling personal data you will need to comply with the CCPA.
Fines: With CCPA, a violation will cost you $7500 plus $750 per person involved.
Disclosures: This new law, while passed in California, affects any website or company that does business with or sells to anyone in California. So basically if you have a decent eCommerce company, you need to be CCPA compliant.
How to become compliant with CCPA
If you are on WordPress or run a WooCommerce site, getting compliant is pretty easy.
Step 1: Provide a clear and conspicuous link on the homepage that goes to a web page titled “Do Not Sell My Personal Information”, which enables a consumer, or a person authorized by the consumer, to opt out of the sale of the consumer’s personal information or request its removal. AKA – Have a “Do Not Sell My Personal Information” page with a form that they can fill out to request that you not sell, or that you remove, their consumer information. Remove their data when requested. If you have a WordPress site this is already built in! Confirm their identity and process the request on your site under Tools –> Erase Personal Data when requested. Learn more about how WordPress Erase Personal Data works.
Step 2: Don’t sell data of children under the age of 16. The law states that children between the ages of 13 and 16 must explicitly authorize the sale of personal data (which will never happen) and if the child is under 13, a parent must authorize the sale and sharing of personal data (which definitely isn’t happening). So don’t worry about it and as a rule don’t sell consumer data of any kids. If you do want to do this (maybe you do run a children’s website) you need to have separate consent and privacy policy pages and options for children. For 90+% of eCommerce companies this is a non-issue.
Step 3: Set up a Privacy Policy page. Put a link to that page in your footer so it’s on every page of your website.
Step 4: Set up a Cookie Consent Banner (you know, that banner or popup that says it’s OK that your site uses cookies). That banner or popup should also have a link to your Privacy Policy and “Do Not Sell My Personal Information” pages.
If you need help with any of the above, let us know at BBS and we can help for a fixed low price. We will take care of all of it for you.