Be prepared: CCPA enforcement begins on 1/1/2020
Attention: Clients with active website and web application projects with visitors that may be California citizens, please be advised that the California Consumer Privacy Act (CCPA) will start being enforced on January 1, 2020.
What is the CCPA? The CCPA (or California Consumer Privacy Act) is a new law in California that compels companies that have personal information about users to provide more details on how they obtain and use that information. The goal of CCPA is to protect all California citizens from privacy and data breaches.
Why this is important: The CCPA gives additional rights to Californians for websites that may be collecting data about them. The way things currently work is that a company can take a site visitor’s information and sell it to whomever they wish, without needing to notify a visitor. When the law kicks in in January, Californians will be able to:
—Request what information has been collected on them, and request information on to whom it has been sold.
—Request that any information collected on them be deleted.
—Have the option to opt-out of allowing their information to be sold.
What can we do to be prepared? You may already be aware and have taken (or will be taking) steps in anticipation of the impending enforcement date. The CCPA can be confusing and is somewhat open-ended, so we recommend reviewing information from reputable sources to become more familiar. Knowing what needs to be changed, and being proactive about it is the best course of action.
In addition to conducting independent research, we recommend bringing this matter to the attention of your general counsel and/or data privacy attorney, if possible, to ensure your organization is in full compliance. Another option is to have third-party CCPA specialists and consultants conduct a full audit of your organization (including your website) to ensure you are in compliance.
What action will RubensteinTech take and when? We recommend performing a thorough review of the cookies and/or forms being used on your website. (Cookies are one of the most common forms of storing user data from website visitors.) Current RubensteinTech clients can request a list of cookies being used, as well as a detailed breakdown of what each one does. We can also recommend other changes that will allow your website to be in compliance with the CCPA. (Please contact Support to make this request.)
Forms on your website that obtain any personal information from users should also be reviewed. Form data that integrates with external systems, like a CRM, should also be taken into consideration.
Beyond this, you may also need to update your cookie banner, homepage, cookie and privacy policy pages, and other sections of your website with "Do not sell my personal information" language and opt-outs. We've recently been working with Civic UK and OneTrust, which provide banners and other tools for website disclaimers. OneTrust has tools for the CCPA to be added to your website.
What happens if we do nothing? If your business is not compliant with the CCPA in the state of California, your business may be subject to penalties.
It’s also worth noting that, while your website may not get flagged in violation immediately, it can happen at any time after the enforcement date. The CCPA is well-documented, but the immediacy of any punishments is uncertain. Based on the stipulations, it could affect more than half a million companies.
As with all RubensteinTech CCPA notifications, the above does not constitute legal advice. We advise all clients to consult with legal counsel for all matters related to CCPA compliance.
For more information on this matter, please visit the following:
—California Legislative Information: AB-375 Privacy
—CCPA Resource Center
—Clarip: Do Note Sell My Personal Information Link for California
—OneTrust: CCPA Consumer & Rights Do Not Sell Solutions
—IAPP: Top 5 Operational Impacts of CCPA: Part 5 - Penalties and enforcement mechanisms
—IAPP: New California privacy law to affect more than half a million US companies
—Akin Gump Lawyers Summarize CCPA Amendments in Article for The Recorder
—The Practical Guide to the California Consumer Privacy Act: Part 1 (BCLP)
—CCPA Privacy FAQs (BCLP)