The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, is one of the most comprehensive and broadest data privacy laws in the U.S. This landmark legislation affects certain businesses collecting, storing, and selling information about California residents and sets the stage for countrywide privacy protections.
The CCPA requires your business to be transparent in how it handles the personal data of California residents. It offers Californians more control over whether their personal information is collected, what data is collected, and how it is used.
As such, it’s essential that you develop and implement CCPA compliance procedures and programs, especially if you have a decentralized framework for managing personal information.
Which Entities Does CCPA Compliance Apply To?
The CCPA applies to you if you conduct business in California, gather personal data of California residents, and determine, either on your own or jointly, the purpose and handling of this information. Further, the legislation applies if you meet the following criteria:
- Your business has annual gross revenue exceeding $25 million.
- You purchase, collect, share or sell the personal data of 50,000 or more consumers or devices annually.
- You get 50% or more of your annual revenue from selling consumers’ personal information.
What Constitutes Personal Information?
According to the CCPA, Personal Information is any information that identifies, describes, relates to, could be directly or indirectly linked to, or is associated with a particular consumer, device, or household. Based on this definition, Personal Information includes but is not limited to the following:
- Direct identifiers – Include a consumer’s real name, alias, email address, postal address, social security number, passport number, and similar identifiers.
- Unique identifiers – Cookies, account names, and IP addresses.
- Internet activity information – Search history, browsing history, and information about interaction with your website or app.
- Commercial information – Records of products/services purchased, personal property records, and consumer preferences or history.
- Biometric information – Fingerprint, voice recording or iris, retina, face, and palm scans.
- Sensitive data – Signatures, telephone numbers, bank account numbers, medical information, credit or debit card numbers, health insurance information, employment information, education information, and physical descriptions.
- Geolocation data – Location history.
There are exceptions to the CCPA’s definition of Personal Information. These include information that has been lawfully made publicly available from government records, de-identified information or information that cannot reasonably identify, describe, or be linked to a particular consumer, and aggregate consumer information (from which consumer identifiers have been eliminated).
CCPA Compliance Website Requirements
If CCPA legislation applies to your business and you have an online domain, there are some obligations you must meet to operate a CCPA-compliant website.
To ensure website compliance with the CCPA, you must afford your customers the right to access the Personal Information that you collect. At or before the point of data collection, you must inform your users of the following:
- The information you collect about a consumer (both by specific information and category).
- The source of the Personal Information (directly or from third parties).
- How you collect the information, where it’s stored, and when it’s deleted.
- How you use the information and the authorities determining a change of use.
- The Personal Information you sell to third parties, the identity of the third parties, and the rights granted to the parties.
- Whether your business can reasonably determine the consumer’s age and whether the consumer has an account with your business.
Your website must provide designated means of submitting requests, such as a website address or toll-free telephone number. Your business provides this information after receiving a Verifiable Consumer Request (VCR).
A VCR is a request where you can verify that the consumer submitting the request is the one about whom you have collected Personal Information.
Your business must respond to VCRs within 45 days, either electronically or by mail. This period can be extended upon notifying the consumer. The information your business provides should be readily usable, allowing the consumer to process the data easily and without hindrance.
Cookie Management and CCPA Website Compliance
Cookies are one of the main website tracking technologies used to collect user information and monitor online behavior. As such, the data collected by first- and third-party cookies constitutes Personal Information according to the CCPA, for which your business is liable. A Cookie Consent Management Platform can help ensure website compliance with the CCPA.
Adzapier offers a robust Cookie Consent Management platform to help you implement your cookie management policies and stay compliant. We help your business provide clarity about how it tracks consumer data through cookies.
Our solution helps you create CCPA-compliant cookie consent banners that don’t affect your customers’ digital experience on your website. You can also create a data map, which tracks the information collected using cookies, how your business uses this data and which third parties you share it with. You can access, visualize, filter, and track all these vital metrics from one dashboard.
Further, you can easily implement the “Do Not Sell My Personal Information” link and automated cookie blocking to facilitate CCPA website compliance.
Our Cookie Consent Management system not only saves money and time on compliance, but its advanced optimization tools can also offer you insight into strategies that increase your cookie consent opt-in rates.
The Importance of DSAR Management for CCPA Compliance
The Data Subject Access Request (DSAR) forms a crucial part of the consumer’s right to access data. A DSAR is a request that a consumer initiates to exercise their right to obtain disclosure of a copy of the Personal Information your business processes.
It is one of the most common requests you will receive in your privacy mailbox and is pivotal to a CCPA-compliant website.
One of the best ways to help your business ensure CCPA compliance is to invest in a robust Data Subject Access Request (DSAR) solution. The good news is that Adzapier is here to help.
Our DSAR management platform is an automated solution that helps your business avoid CCPA violations by enabling you to find, retrieve and manage personal consumer data efficiently. Our simple solution also gives your customers control and access to the privacy rights stipulated by the CCPA.
Using our comprehensive dashboard, you can collect, save and track consumer preferences and consent while our user-friendly privacy access center enables you to create custom request forms.
Our automated system helps your business handle Verifiable Consumer Requests in minutes, keeping in line with the CCPA response time requirements. An automated DSAR management system is especially invaluable if you receive a high volume of requests that can catch your business off guard.
With Adzapier’s automated DSAR management tools, you can deliver quickly when your customers request to access, monitor, or delete their personal information or opt out of data collection. Our end-to-end solution also helps with audits by ensuring you keep and organize records of your data collection activities.
In today’s security landscape, where high-profile breaches compromise personal consumer data, privacy laws such as California’s CCPA are a step in the right direction. Ensuring you check the CCPA compliance checklist to avoid breaching any rules should be a pressing concern for your business.
Implementing effective Cookie Consent Management and a DSAR management system is one of the ways to ensure your website meets CCPA compliance requirements.
Fortunately, Adzapier can be your business’s trusted and reliable partner, supplying access to effective solutions that ensure you stay ahead of CCPA and other privacy law compliance.
Feel free to sign up for our free 30-day plan or contact us today to learn more about our Cookie Consent Management and DSAR management solutions.