California Consumer Privacy Act: Become CCPA compliant today
Data privacy is everybody’s concern. The year 2020 has given great relief to the citizens of California. It has empowered them with some very crucial rights for the protection of their privacy. The new legal framework is known as CCPA, California Consumer Privacy Act. CCPA compliance is mandatory for any organisation that has a business presence in California. But what is CCPA and how to comply with it is not yet clear to many people. In this article, we will describe CCPA in detail and will also tell you how to be CCPA compliant.
What is CCPA?
California Consumer Privacy Act is a legal framework designed to protect the privacy of Californian citizens. The state of California passed the CCPA act on 28th June 2019. The law came into effect from 1st January 2020. It mandates to take consumers’ consent to collect, process or store their personal data.
Why was CCPA introduced?
The main objective of CCPA is to give the citizens of California more control over their personal information by granting them some fundamental rights. They can now question the website owner who uses their data about the purpose of the use and also refuse to share their personal details with anybody.
Who is CCPA for?
CCPA applies to a for-profit entity if it –
- Has a business presence in California
- Deals with the personal information of California citizens
- Uses personal information of 50,000 or more California citizens for business purposes
- Has a gross annual income of minimum $25 million USD
- Earns half of its annual revenue from selling the personal data of California citizens
As of 18 September 2020, Brazil’s General Data Protection Law has been in place. Find out more about the GDPL in our dedicated article.
What data does CCPA cover?
CCPA defines personal data as any information that identifies, relates to or can reasonably be linked with any individual or household. Under CCPA, personal information can be categorised in the following ways-
- Direct identifier: It is specifically the personal details of an individual like name, postal address, passport information, social security number, driving licence number, signature etc.
- Indirect identifier: This type of information is related to the citizens but not in a direct way like IP address, telephone number, pixel tags, cookies beacons etc.
- Biometrics information: This is the most crucial type of data when it comes to security and privacy. It usually means face, retina, fingertips and health-related data.
- Geolocation information: It refers to the geographical location history which is traceable via devices.
- Internet activity: Internet activity generally means the browsing history, search history and data about the interaction with different websites.
- Sensitive data: Sensitive data includes personal characteristics like behaviour, religious or political views, educational, employment and financial data etc.
What are the CCPA regulations?
Here are the major rights under CCPA –
- Right to be informed
Consumers can question the business organisations who use their personal data, how their information is to be processed at or before the time of collection.
- Right to access
Consumers can access the data that are in possession of a business organisation and also verify it anytime.
- Right to opt-out
Consumers can ask the business organisation that sells their personal information or share it with third parties to stop sharing or selling their data.
- Right to opt-in
Companies are prohibited from collecting or using personal data if a consumer is under 16. In this type of cases, they can use such data only if the parents of the minor consumer opt-in or in case the consumer is above 13, he himself opts in.
- Right to request deletion
Consumers have the right to ask for the deletion of their personal data that has been collected by a business organisation anytime.
- Right against discrimination
Companies are prohibited from discriminating against the consumer for exercising the fundamental rights that have been granted to them by CCPA. For example, they can not deny goods or services to a set of customers.
How is it different from GDPR?
CCPA and GDPR both are privacy regulations. They seem to be quite similar but they differ from each other in many ways. Here are the major differences between CCPA and GDPR –
- GDPR applies to all the businesses that deal with the personal data of EU citizens whereas CCPA applies to only the businesses that have annual revenue of $25 million USD or more.
- It focusses on all information related to EU Citizens whereas CCPA considers both the consumers and households as identifiable entities.
- Also, GDPR penalties for noncompliance or any kind of data breach can reach up to 4% of the companies annual turnover whereas CCPA fines are applied per violation up to a maximum of $7500 USD.
- GDPR covers all the residents of the EU. It does not specify any condition for citizenship. On the other hand, CCPA is specifically for the legal citizens of California.
How can we add CCPA text to the website?
What is the best Plugin for CCPA compliance?
If you are a WordPress user, there are hundreds of plugins available in the market to help you comply with CCPA. Which one will be the most suitable for you, depends on your needs. There are many points that are to be taken into consideration. For example, what are the elements that you want to embed to your site like checkboxes, cookie consent banner etc. The budget is also a major concern. You have to go for a comparison of the features of the plugins before making the final purchase decision. Here will talk of four major plugins to make your website comply with CCPA –
- Privacy and cookie policies
- Affiliate disclosures
- Returns and refund policy
- Anti-spam policy
- Customizable cookie notices
- One-click cookie scanner
- Autoblock third party cookies
- Edit cookie details manually
- Display or hide notices based on Geolocation
Price – $37
WP Forms is a drag and drop WordPress form builder. It helps you to create forms with consent checkboxes to make your site compliant with CCPA. With this, you can create many different types of forms like contact form, survey forms, registration forms etc. there are 100+ pre-made form templates for different purposes. The plugin lets you create both single page and multipage forms.
- Pre-built form templates
- Smart conditional logic
- Advanced spam protection
- User registration
- Mobile friendly
Right to deletion is a major right under CCPA. Any time your users may ask you to delete their personal data that are in your possession. Delete me was built keeping this in mind. The plugin helps you to add account deletion features to the users’ account so that they can delete their information or account anytime whenever they wish to. It also gives you the option to take users’ permission in case you want to delete any of their data. This is a free plugin.
- Lets users delete their account anytime
- Take users’ permission to delete their data
- Limit account deletion option to only a few users
- Lots of easy shortcodes
- Multisite support
We have tried here to give you an overview of CCPA. If you deal with the personal data of the citizens of California, CCPA compliance is a must for you irrespective of your physical presence. All the plugins we have listed here will help you to make your site CCPA compliant within minutes. Pick up the one that matches your needs and move ahead. Your goal is just a few clicks away.
If you liked the article, don’t forget to share it with your friends on Facebook and Twitter. Leave your reactions in the comment section. We would love to hear your feedback. If there is any doubt, please feel free to share it with us. We will try to get back to you as soon as possible.
What is CCPA?
California Consumer Privacy Act or CCPA Compliance is a Californian privacy law that protects the personal data of the citizens of California.
What is CCPA compliance?
CCPA compliance literally means to follow the rules and regulations laid down by CCPA. It simply means valuing the privacy of the common people of California.
Who does CCPA apply to?
Any business organisation that has an annual revenue of more than $50,000 USD and earns at least half of its revenue by using the personal data of 50,000 or more Californian citizens come under CCPA.
How is CCPA different from GDPR?
CCPA is a Californian law and GDPR is a legal framework of the EU. The full form of GDPR is General Data Protection regulation. The main difference between CCPA and GDPR is that CCPA protects the consumers who are natural persons and citizens of California while GDPR protects data subjects who are residents of the EU but does not specify any criteria for Citizenship.
How do I become CCPA compliant?