You’ve likely had your email inbox flooded with “We’ve updated our privacy policy” messages from brands. It seems like a new one comes out almost every single day with no end in sight. So what’s going on?
In short, it’s because of the California Consumer Privacy Act of 2018. Privacy concerns from consumers and regulations to protect those consumers have become more and more of a hot button issue in the last 5 years. It all started with GDPR and snowballed from there.
What’s the California Consumer Privacy Act then?
The CCPA is a new law that all businesses in the United States need to take very seriously. It applies to any website that collects the personal information of residents of California. The CCPA has been referred to as the GDPR of the United States because it is one of the first fully comprehensive privacy laws that the US has seen that effect.
In short, CCPA gives California residents the following rights:
- The right to know what personal information is being collected about them
- The right to know whether their personal information is sold or disclosed and to whom
- The right to say no the sale of their personal information
- The right to access their personal information
- The right to request that you delete their personal information
- The right to equal service and price, even if they exercise their privacy rights
CCPA doesn’t apply to everyone though. It only applies to companies that:
- Have annual gross revenues in excess of $25,000,000
- Annually buys, receives, for business commercial purposes, sells or shares personal information of 50,000 or more California consumers, households, or devices
- Or derives 50% or more of their annual revenue from selling the personal information of California consumers
If you are a small business, don’t celebrate too soon. CCPA also applies to businesses that work with large companies that require their clients or vendors to be CCPA compliant too.
The fines and penalties for not complying are steep. The fine can be up to $2,500 per violation or $7,500 per intentional violation. “Per violation” is defined as per person whose privacy rights you violated or per website user. Even if you have only 50 websites visitors per month, that can add up quickly.
So what do you have to do?
In short, you need to review your privacy policy ASAP. It’s important to update your policy at least once a year to make sure it’s in compliance with new laws and covers you as a business but with CCPA looming, you might want to take some extra care and do a few more edits.
You need to list out the ways that you use customers information. Some examples are:
- Auditing transactions
- Detecting Security incidents
- Counting ad impressions per visitor
- Verifying customer information
- Marketing and advertising
- Analytics
- Enforcing Terms of Service
- And more
You will also need to disclose how you are collecting personal information. Some examples include:
- Information submitted by a consumer
- Social networks
- Surveys
- Tracking pixels
- Use of cookies
- Data resellers
You also need to disclose who you are sharing your customers’ information with such as:
- Email vendors
- Customer management services
- Financial Processors
- Social Networks
- Internet service providers
- And more
In order to comply with CCPA, your privacy policy needs to be easy to find on your website and it needs to have a way for Californians to contact you to request information about how their information is being used. It’s in your best interest to make these changes now because consumer privacy is only going to get more complicated and serious in the coming years.
Want help navigating your privacy policy? Simply Built can help! Contact us today!