On October 11, 2019, California Governor Gavin Newsom passed the California Consumer Privacy Act (CCPA), which will come into effect from January 1, 2020. This makes CCPA arguably the most groundbreaking law in the United States with regard to consumer identity protection and privacy rights.
If your website is created on Milestone CMS, worry not! We’ve got your back. We are in the process of incorporating required changes on our client websites to ensure CCPA compliance. In this article, we will briefly discuss whether your business falls into the ambit of CCPA, and what we are doing to ensure that your Milestone-powered website complies with CCPA.
What type of businesses need to comply with CCPA?
While the European Union’s General Data Protection Regulation (GDPR) and the CCPA share common goals, GDPR is a lot more stringent and requires any sort of data collector to comply. CCPA, on the other hand, does not apply to every business, only to businesses that:
- Have annual gross revenues upwards of $25 million
- Buy or receive personal information of at least 50,000 devices, households or consumers
- Make at least 50% of their annual revenues from buying, selling or sharing consumer personal information.
Penalties for CCPA non-compliance
If businesses fail to comply with CCPA, they will have to:
- If found guilty of non-compliance in a case brought forward by consumers, pay fines between $100 and $750 per incident, or the actual amount of damages if there has been an unlawful loss of personal data.
- In cases raised by the Attorney General against a business, pay $2,500 for unintentional violations and $7,500 for intentional violations.
Fundamental rights of consumers under CCPA
Listed below are the key CCPA draft regulations intended to protect consumers' identity and ensure the privacy of their personal information:
- Consumers have the right to know what personal information is collected, sold or shared by a business with a third party or data collector
- Consumers have the right to request access and deletion of private information
- They can also reject the sale of personal information
- Consumers cannot be discriminated against by businesses when exercising their rights under CCPA
- Businesses require the consent of guardians to sell or share information of minors under the age of 13 years, while minors under 16 years can opt-in or out of the sale or sharing of their personal information
How Milestone will ensure that your business website is CCPA compliant
Here are some of the changes we are making in the websites to ensure that you are covered:
- Cookie Consent
- Email Address to request access and deletion of personal information
As mentioned earlier, businesses that operate online must provide an email address for consumers to request access (to know what personal information is collected by the business) and deletion of their personal information. Take a look at how we set up this option for our client’s website to adhere to the regulations of the CCPA. Once the registered user enters their email ID, a link is sent to their personal email ID. They can then click on the link to view and/or erase the personal information collected by the business if they wish.
- Age verification on the website
If the business collects, sells or shares personal data of consumers, it needs to carry out an age verification to request the consent of minors below 16 years and the consent of guardians for minors below 13 years. Businesses have a 30-day waiting period to respond to the Attorney General if a case is brought to them by a consumer. If the business resolves the issue within 30 days, the case will be dropped by the Attorney General. In addition, for the first 6 months of CCPA being effective (until July 2020), no penalties will be enforced on businesses by the Attorney General.
If you are a Milestone CMS customer and want to know more about the changes we are making to your site, please reach out to your Customer Success Manager. If you are not a Milestone customer yet but wish to know more about CCPA, or wish to build a CCPA compliant website, contact us at +1 408-200-2211 or mail us at [email protected].