For the last few years, governance and corporate bodies worldwide have been gearing up to tighten cybersecurity around consumers' personal and commercial data. And for good reason.

California Consumer Privacy Act (CCPA)

In the wake of data protection concerns, the California Consumer Privacy Act (CCPA) came into effect on January 1st, 2020. The Act directly addresses the collection and use of personal data related to consumers. It affirms that consumers have the right to know what type of data is being collected about them and whether that data is disclosed, sold or used in any way. Consumers have the right to refuse any company that seeks to sell their personal data.

What kind of businesses come under the CCPA?

  • A for-profit business or organization that collects personal data/information from the residents of the state of California
  • A business whose revenue is $25 million and above
  • Businesses that buy, receive, sell or share the personal information of 50,000+ customers
  • At least 50% of such a business’ revenue is from selling personal information

What about existing websites?

What does this mean for business websites?

It applies to websites of businesses operating in the United States that may be collecting personal data or personal information from residents of the state of California, and to websites of businesses that fall under any one or all of the above criteria.

What do you need to upgrade or modify in your website towards the CCPA?

# 1 Privacy Policy 

Ideally, your legal team must step in to provide important changes in the privacy policy of your company website. However, there are a few changes that you can make internally. Here’s what to update:

  • Include the definition of consumer rights as given in the CCPA
  • Describe how consumers can submit requests related to CCPA to your company
  • Categories of personal information of consumers the website has collected since January 2020
  • List of the categories of the personal information that the business has sold since the Act came into effect
  • If no information was sold or disclosed, state that
  • List of the categories of consumer information that the business has disclosed (even if not sold)

# 2 Data collection and processing

You need to implement actual filtering or other measures on the website to ensure that consumers’ rights are protected during the entire cycle of data collection and processing. You may need to update security protocols if the data is stored in the cloud, or apply data encryption measures to prevent breaches due to unauthorized access.

# 3 Ease of requesting information

This is the time when you need to train your team or staff about handling consumer data, especially personal information. This includes protocols, identity verification at the gateway to the website/online information, mode of communication for the electronic delivery of personal data to the consumer, guidelines for the consumers to delete information if they wish, etc. This may also be the time to engage in a new website development or a website redesign based on significant CCPA norms.

# 4 Facilitating opt-in/opt-out 

Make sure you have updated the language related to the website’s opt-in/opt-out checkboxes. The Act has requirements related to adults and minors. Make sure these boxes are easily visible on the website – especially at all the points where data is collected.

# 5 Update the back-end system 

Include the link that says “Do not sell my personal information” at the front-end. Update the back-end to handle requests and access, especially for verifying the identities of persons who have requested personal data.

Handling information related to minors 

CCPA regulates that data belonging to children under 16 cannot be sold. However, a business may collect data on children aged between 13 and 16. It is mandatory for children below 13 years of age to have parental consent at the gateway of information collection. You need to create forms or provisions so that such parental consent can be obtained and recorded before processing any data related to minors.


CCPA Website Update Checklist 

  • Update privacy policy
  • Ensure protection of consumer rights during data processing
  • Train the staff, define protocols of data collection
  • Facilitate opt-in and opt-out
  • Update the back-end system

Final thoughts 

Businesses connected with the state of California must see CCPA as an opportunity to win more credibility from their customers. It is also an opportunity to overhaul their systems – those that collect consumer data. At Chapter 247, our team is equipped to provide or add opt-out links or buttons to an existing website or update the back-end or front-end as needed. You may also be in dire need of redesigning your website, and this may be the best time to redesign it as per the new privacy norms.

If you are worried about data security compliance as set by GDPR or CCPA, and you wish to get expert guidance, let us know. We would be happy to help.