Worldwide governance and corporate bodies have been gearing up to tighten cybersecurity pertaining to personal and commercial data related to consumers for the last few years. And for good reason.
In the wake of data protection concerns, the California Consumer Privacy Act (CCPA) came into effect on January 1st, 2020. The Act directly addressed the collection and use of personal data related to consumers. The Act has validated that consumers have the right to know what type of data is being collected about them, and whether that data is disclosed, sold or used in any way. Consumers have the right to refuse any company that seeks to sell their personal data.
What kind of businesses come under the CCPA?
- A for-profit business or organization that collects personal data/information from the residents of the state of California
- A business whose revenue is $25 million and above
- Businesses that buy, receive, sell or share the personal information of 50,000+ customers
- At least 50% of such a business’ revenue is from selling personal information
What does this mean for business websites?
It applies to websites of businesses operating in the United States that may be collecting personal data or personal information from residents of the state of California, and to websites of businesses that fall under any one or all of the above criteria.
What do you need to upgrade or modify on your website for the CCPA?
- Include the definition of consumer rights as given in the CCPA
- Describe how consumers can submit requests related to CCPA to your company
- Categories of personal information of consumers the website has collected since January 2020
- List of the categories of the personal information that the business has sold since the Act came into effect
- If no information was sold or disclosed, state that
- List of the categories of consumer information that the business has disclosed (even if not sold)
# 2 Data collection and processing
You need to implement actual filtering or other mechanisms on the website to ensure that consumers’ rights are protected during the entire cycle of data collection and processing. You may need to update security protocols if the data is stored in the cloud, or apply data encryption measures to prevent breaches due to unauthorized access.
# 3 Ease of requesting information
This is the time when you need to train your team or staff about handling consumer data, especially personal information. This includes protocols, identity verification at the gateway to the website/online information, mode of communication for the electronic delivery of personal data to the consumer, guidelines for the consumers to delete information if they wish, etc. This may also be the time to engage in a new website development or a website redesign based on significant CCPA norms.
# 4 Facilitating opt-in/opt-out
Make sure you have updated the language related to the website’s opt-in/opt-out checkboxes. The Act has requirements related to adults and minors. Make sure these boxes are easily visible on the website – especially at all the points where data is collected.
# 5 Update the back-end system
Include the link that says “Do not sell my personal information” at the front-end. Update the back-end to handle requests and access, especially for verifying the identities of persons who have requested personal data.
Handling information related to minors
CCPA stipulates that data belonging to children under 16 cannot be sold. A business may, however, collect data on children aged between 13 and 16. It is mandatory for children below 13 years of age to have parental consent at the gateway of information collection. You need to create forms or provisions so that such parental consent can be obtained and recorded before processing any data related to minors.
CCPA Website Update Checklist
# Ensure protection of consumer rights while data processing
# Train the staff, define protocols of data collection
# Facilitate opt-in and opt-out
# Update the back-end system
Businesses connected with the state of California must see CCPA as an opportunity to win more credibility from their customers. It is also an opportunity to overhaul their systems – those that collect consumer data. At Chapter 247, our team is equipped to provide or add opt-out links or buttons to an existing website, or update the back-end or front-end however needed. You may also be in dire need of redesigning your website, and this may be the best time to redesign it as per the new privacy norms.
If you are worried about data security compliance as set by GDPR or CCPA, and you wish to get expert guidance, let us know. We would be happy to help.