By Jack Gould
If you’re wondering what CCPA is, you are not alone. CCPA refers to The California Consumer Privacy Act.
Chances are you are located in Michigan or the Great Lakes region. While we wish this added regulation wasn’t something our local clients had to worry about, that might not be the case.
Much like the General Data Protection Regulation (GDPR), which was rolled out by the European Union in 2018 and which we discussed in a previous Industry Insight, CCPA may concern your business if you market to California residents directly or indirectly.
Why This May Concern You
CCPA was established on January 1, 2020, as a way to protect consumers’ privacy rights in the Golden State. CCPA applies to any for-profit organization that does business in California, collects, shares, or sells California consumers’ personal data, and meets one or more of the following:
- Annual gross revenue of more than $25 million.
- 50,000 or more records of consumer, household, or device information.
- More than half its annual revenue generated by selling consumers’ personal information.
Considering that websites don’t observe state lines and that your sales reps may have clients on the West Coast, it’s important to consider if CCPA affects your company.
Staying up to date on such regulations can be a challenge, but not complying may lead to fines, lawsuits, and other serious penalties.
How You Can Comply
If you determine that your business and its website fall within CCPA regulations, LKF can help with the potential changes to your privacy policy, among many other updates that need to be made to ensure your organization's website complies.
To be compliant, the privacy policy of your website must:
- Disclose the type of information it collects and processes.
- Explain why that information is collected.
- Share how the information is collected and processed.
- Share how users can request, access, change, move, and delete their personal data.
- Share the method that is used to confirm the identity of users making personal data requests.
- Mention the potential for a user’s personal data to be sold and how they can opt out of having their information sold.
- Include an email address where users can make requests regarding their personal information.
Essentially, an organization must be completely transparent and honest about how the information it collects is stored, used, and removed, and must have other web functionalities in place to ensure users' information isn't being retained if the user opts out. Just like we indicated when GDPR was in its infancy, assuming that your site is already CCPA compliant or exempt from these requirements may have serious and costly consequences. It is our recommendation that all businesses take the time to figure out if CCPA applies to them and respond accordingly. LKF can help walk your business through all of the requirements.
Why GDPR Compliance Isn’t Enough
At this point, you may be wondering what your organization must do if its site is already GDPR compliant. The good news is that some of the work is already done; however, there are still a few actions that must be taken.
These actions include, but are not limited to, adding references to CCPA and specific opt-in/out checkboxes for users as well as language that confirms a non-discriminatory approach for users who opt out of providing their personal information.
In short, your website should clearly allow users to opt out of both GDPR and CCPA and still work without restriction for those who opt out of data collection.
LKF Can Help!
We know this is a lot of information to digest and process, but fear not! LKF Marketing can help your business implement changes to meet new CCPA regulations as part of our holistic approach to providing intelligent marketing solutions.
As always, if you have questions or concerns about your website, CCPA standards, or anything else, please contact us. We’re more than happy to help ensure your website and marketing efforts are both effective and compliant!