CCPA: The Big Mandate is Coming – Is Your Website Ready?

A major mandate for consumer privacy and data protection, the California Consumer Privacy Act (CCPA), is just around the corner—scheduled to come into effect on the 1st January 2020. Worried your business’ website isn’t up to snuff? We’ve got the answers to all your questions with a guide to getting your site CCPA-ready for the New Year.

Driven by privacy concerns of its fellow residents, the state of California passed the CCPA bill that empowers Californian consumers by holding businesses accountable for protecting their data while browsing and making purchases on websites.

Contrary to what many believe, the mandate will not be restricted to California-based businesses but will apply to all businesses—regardless of their location—if they collect personal information of consumers based in California. With a GDP of $3 trillion USD and 40 million residents, California is one of the most lucrative consumer bases for companies with a footprint in the American market. Economists estimate over half of U.S. businesses will fall under the purview of this act and be subject to its stipulations.

Does your business need to comply with CCPA by the January deadline?

Yes, if it satisfies any of the following criteria:

Annual revenue is greater than $25 million Buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices for business purposes 50% or more of its annual revenue comes from selling consumer personal data

What happens if you breach the CCPA regulations?

If you are meeting any of the criteria mentioned above, you need to comply with the CCPA stipulations by January 1, 2020. That means Californian consumers will now have the right to raise a civil action lawsuit against your business and you may be liable to pay the following charges if found guilty of breaching the CCPA regulations:

• Damages between $100 – 750 (or up to actual damages) to each consumer affected
• Up to $7,500 as a civil penalty for intentional or unintentional violation

With CCPA, what rights do your consumers have?

If any of your consumers are California-based, he or she has the right to:

• Know what personal information is being collected
• Know whether personal information is sold or disclosed and to whom
• Reject the sale of personal information
• Access the captured personal information
• Equal service and price (businesses cannot discriminate between consumers
• even if the consumer requested information under CCPA)

How can your business and website be CCPA compliant?

In order to adhere to CCPA regulations, you need to take a few preparatory measures, from making changes on your website to reviewing data collection practices and even establishing new processes (e.g., practices of recording data processing and disclosing information when a consumer requests it). If you are already GDPR compliant, conforming to the CCPA will not be difficult. However, in certain areas, CCPA will have a much broader scope.

CCPA compliance will require various changes on your website, including:

Cookies: Including a consent banner to disclose the use of cookies and request consent

Privacy Policy: Adding information on: Specifics on personal information collected Process of collecting personal information How a user can request access to the personal information collected and request modification or deletion

Do Not Sell My Personal Information page linked to homepage & privacy policy: Allow consumers to opt out of having personal data sold

Age Verification for Sale of Information: Requesting consent from minors between the ages of 13 to 16 years, or consent of parents of minors under 13 years for sale of personal information

Disclosing processing agreements

With CCPA amendments getting final senate approvals soon, you can expect more clarity in the coming days and weeks. But that doesn’t mean you can’t begin preparing your business and website for the upcoming legislation. Consulting legal authorities and digital marketing professionals, you can get ahead of the game to ensure your site is CCPA-compliant on time.

How Milestone can support and help your site in becoming CCPA-compliant?

While the CCPA is undergoing amendments before the final roll-out, we at Milestone are closely monitoring developments. If you are a Milestone CMS customer, we’ll be rolling out the mandatory changes for your website to adhere to CCPA stipulations by the deadline while you get your processes in place. Your dedicated Customer Success Manager will be in touch with you to keep you up to date with compliance needs.

If you are not a Milestone customer and would like to know how you can ensure compliance with CCPA and GDPR on your website, get in touch with us at (408) 200-2211. For further updates on CCPA stay tuned by following the Milestone blog.

Disclaimer:
The information contained here is provided for informational purposes only and should not be construed as legal advice. You should not act or refrain from acting on the basis of any content included in this site without seeking legal advice.

References:

• https://oag.ca.gov/
• https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html
• https://www.forbes.com/sites/forbesnycouncil/2019/07/10/are-you-ready-for-ccpa/#7b643cc624c4