CCPA or the California Consumer Privacy Act is one of the newest law that was introduced in the California State from the 1st of January, 2020. The bill was passed to protect the privacy of the Californian citizen. As it is already in motion we thought the need to share the news with you guys.

Both CCPA & GDPR serve the same purpose: to protect the private data of people. Especially after all the privacy problem that has been circulating around the internet.

If you are unfamiliar with the act, here is a short summary

• Californian users’ will have the right to know what personal information is being collected by a website.
• Know what personal information is being sold to third party users and to whom.
• Ability to stop websites from selling Californian consumer’s private data.
• Option to request the deletion of collected information.
• Websites cannot charge more for certain users if they exercise the privacy rights. Californian users will have the same privileges as every other user.

This summary should be treated with what it actually is, a short summary. There is so much to the bill and we recommend that you read the full version of the CCPA.

Does Your Business Need To Implement CCPA?

If you are wondering if the CCPA policy applies to your business, it’s a bit of a tricky question. The following requirements seem to be the core requirement of the CCPA policy.

If you are a for-profit company, doing business in California, or with Californians, then the new California Consumer Privacy Act applies to you if you meet one or more of the following criteria:

• Your business’s yearly gross revenue exceeds $25 million ($25,000,000)
• You earn 50% or more of your yearly revenue by selling the information of Californian consumers
• You collect personal data of Californians ranging from 50,000 or more. Data can consist of your customers’ basic information, emails, payment details, etc.

You should understand that this policy is only applicable to the personal data that you collect. It will not be applied to the public data that is available. You can check out the official CCPA Fact Sheet. If you’re still unsure, you should always consult with a lawyer.

This article is for educational purposes and you should always consult with a professional lawyer before implementing CCPA.

What Are The Penalties For Non-compliance & Intentional Violations

Companies that don’t comply with the new law or are caught violating, will face penalties. Different types of violations have difference fines.

For non-compliance violations (unintentional) of the CCPA act, businesses will be fined $2500 per customer. And for intentional violations, the fine goes up to $7500 per person.

As an example, if a company handling the data of 100 Californians, violates the law by non-compliance will be fined ($2500X100) = $250,000. And if caught to violate the laws intentionally the fine will be ($7500X100) = $750,000.

How To Implement CCPA In Your Site

If you have already implemented GDPR on your website it will be much easier for you to add the new privacy policy & necessary components for the CCPA.

Implementing CCPA is similar to implementing GDPR. If you have worked with GDPR before that you will find it easier when implementing CCPA.

It is crucial that you talk to a professional lawyer before implementing any of the following.

• Add an age verification for your users in all user submission forms.
• Research the tools and sources you use to collect the visitors/users’ data. 
• Allow the opt-out option for everything. Enable the users to have complete ownership of their data.
• Process for verifying the user’s identity when modifying their personal information.
• Visitors should be able to stop you from selling/using their data at any time.
• Your users should be able to update their information at any given time.
• Create a separate privacy notice/privacy policy page that states everything clearly.
• If you already have a privacy policy update it according to the new CCPA policy.
• There are many contact forms in your site that take users’ data. Add a checkbox that asks the users for their consent. Contact forms include payment forms, contact forms, newsletter forms, etc.
• Include an SSL certificate on your website.

These are just the basic steps for you to get started and don’t guarantee full compatibility with the CCPA law.

Final Thoughts

In our opinion, you should pay close attention to the new California Privacy law even if it doesn’t apply to your business because nine other states have already proposed their own privacy bills, similar to or an exact copy of the CCPA law. 

If you need more resources to study, we suggest you read the official documents related to the CCPA law.

• TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 – 1798.199]  ( Title 1.81.5 added by Stats. 2018, Ch. 55, Sec. 3. )
• California Consumer Privacy Act (CCPA) FACT SHEET
• TITLE 11. LAW DIVISION 1. ATTORNEY GENERAL CHAPTER 20. CALIFORNIA CONSUMER PRIVACY ACT REGULATIONS PROPOSED TEXT OF REGULATIONS
• Who is considered a Californian according to California Law

Consult with a lawyer before implementing CCPA to your website. We are not liable for any damage caused by the information above.