What Does the CCPA Mean for Your Business? Our Quick Guide

On January 1, 2020, the California Consumer Privacy Act (CCPA) will go into effect. This is big news for two groups of people: consumers residing in California and companies that do business with those consumers.

If you run a digital business there’s a good chance you have customers in the sunny state of California, which means the CCPA will almost certainly affect you.

In this article, we’ll take a look at some CCPA requirements for businesses and the most important rights it guarantees to customers. We’ll also explore some of the ways Whisbi can help its users comply with CCPA and avoid compliance issues.

Let’s get started.


The CCPA at a Glance

The goal of the CCPA, just like GDPR, is to protect consumers’ personal data. The law was passed in 2018 but will go into effect January 2020.

The CCPA applies to people who are in California when their data is collected. It also applies to the collection or sale of data that occurs in California, regardless of where the individual providing the data is located when they provide their data to the business.

Data collection that takes place entirely outside the state won’t be affected.

In other words, if you’re a business based in New York and you collect data from consumers in Vermont, you won’t need to worry about CCPA in that instance. However, if you collect data from any customers in California, you will need to take care of some important steps.


What Businesses Does it Apply To?

The CCPA will apply to any businesses that meet at least one of the following criteria:

They have an annual gross revenue above $25M

They annually buy/sell or receive/share (for commercial purposes), the personal information of at least 50,000 Californian consumers, households, or devices

They derive at least 50% of their annual revenue from selling the personal information of Californian consumers

It’s also worth noting that, if a business is subject to the CCPA, its subsidiaries and affiliates may also be subject to the law if they share common branding (for example the same name).


What Rights Does the CCPA Guarantee for Customers?

The CCPA guarantees a number of core rights to consumers, and it’s important that businesses become aware of these to make sure they’re complying. Here they are:

– The right to know. This means companies are required to disclose the categories of personal information they collect, sell, or share about Californian consumers on request.

– The right to opt-out: This allows consumers the ability to opt out of the sale of their personal data.

– The right to deletion. This gives customers the right to request that a business delete any of the information they have collected on that customer. There are certain exceptions here, for example if the transaction in question has not yet completed.

– The right to access. This allows customers to access any info about their personal information and receive a copy of specific pieces of it.


What are the CCPA Requirements for Businesses?

In order to comply with the legislation and avoid getting into any legal trouble, there are a number of CCPA requirements for businesses to follow:

– Businesses must inform customers at or before collection which personal information will be collected, and why. After this point, they must not collect any information that was not mentioned.

Businesses must clearly state consumers’ rights on their website and make it clear and easy for customers to get in touch with them. They must provide at least two options for contact (for example, a toll free telephone number and if the business maintains an Internet Web site, a Web site address).

– Before disclosing any information to a customer, businesses must take steps to verify that the customer making the request is the original owner of the data. This is to avoid giving consumers access to the wrong person’s information.

In response to any request, businesses must act free of charge and within 45 days. This time limit applies regardless of how long it takes to verify a customer’s identity.

There must be a clear opt-out link entitled ‘Do Not Sell My Personal Information’ on the website and privacy policy if the business sells consumers’ personal information to third parties.

The business’ privacy policy must disclose any information required by the law, for example:

    • A description of the customer’s rights
    • A list of the categories of personal information collected during the last 12 months
    • Whether the business has sold or disclosed any of that information to third parties during that time (and if so, which categories)

– Businesses cannot allow CCPA-related requests to impact their customer relationship and must wait at least a year before asking them to opt back into data collection (also known as the right to no discrimination)


How Whisbi can Help You Comply With the CCPA

This can seem like a lot to keep track of, and as a business you might be worried about making sure you’re covered and not at risk of any violations.

Running an eCommerce or showcasing products online and carrying out effective digital marketing involves a lot of data collection, and you probably want to keep doing this in a safe and legal way that respects your customer’s rights.

Fortunately, that’s entirely possible. Here are some of the ways Whisbi can help with this:

We can help all our clients provide all the information they need to display at or before data collection. We’ll make sure you display your compliance with the CCPA clearly and easily so there’s no doubt that you communicated the necessary information.

– We can help you ensure your customers have read, understood, and accepted privacy policies before any PI is collected, giving you peace of mind and ensuring your users are treated fairly.

– You will provide any privacy notices and policies you want to be inserted in your landing page.

– Whisbi is a cloud-based SaaS solution based on Amazon Web Services (AWS). You may be wondering why this is relevant. It’s because the IT infrastructure that AWS provides to customers places high importance on security and comes with an arsenal of security standards. This helps eliminate the risk of data breaches and theft of personal information.

The CCPA will bring some big changes, but, just as with GDPR, it will be easy to comply and we ensure our clients can continue running their business with minimal disruption.

To find out more about how Whisbi can help you through this process, contact us today.


Legal Disclaimer: Nothing in this article is intended to be, nor should it be, construed as legal advice from Whisbi or Whisbi’s legal team.



Comments are closed.