What is the California Consumer Privacy Act? 

The California Consumer Privacy Act (CCPA) is a data privacy law regulating and protecting California residents’ personal information. Personal information can include names, login names and passwords, e-mail addresses, phone numbers, or personal health information. You have more than likely come across these terms at one time or another, but you have probably, and understandably, paid little to no attention to them.

But if you are a business owner, it’s essential that you familiarize yourself with this act. This law applies to businesses all around the world, not just to companies residing in California. If you do business with a resident of California, then you need to follow the rules and regulations placed under the CCPA. If a consumer in California were to purchase from your website, it is your responsibility to protect their personal information.

Here are the steps to follow to ensure your business is CCPA-compliant:

The first thing you will need to do is publish a privacy policy on your website. Be sure it covers all the CCPA rules. The policy should state:

  • what information you collect from visitors and users, such as name, e-mail, address, and so on
  • what type of information you do not collect
  • why you are collecting this information
  • what happens to this data after it has been collected
  • consumer rights under the CCPA regulations
  • whether this data is being sold to third parties, and if it is, then why
  • how a consumer can contact your business if needed

Key reminder: If you do sell or share personal information, you must provide a “Do not sell my personal information” page. This will allow users to “opt out” if they prefer. Here, users will have the option to decide what specific information they are okay with sharing. A link to this page should be easily visible on the home and privacy policy pages. Also, you will want to include a link or checkbox somewhere on the “Do not sell my personal information” page so users can request access to the personal information you have on them and ask for it to be deleted. You will have 45 days from the date of request to erase this information.

The other thing you will need to do to be CCPA compliant is to set up security measures so that the user data you have stored is protected. To keep this information safe from falling into the wrong hands, you should have the following:

  • antivirus software
  • up-to-date software
  • ransomware protection for the cloud
  • software that monitors risky third-party apps
  • encrypted cloud backup
  • software to monitor domain activities for abnormal data downloads and sharing
  • regular data audits

Now that you know what is required, it should be a whole lot smoother to stay legally on track and fulfill the obligations necessary to protect your consumers’ rights and keep their personal data private.

 

 

Article by
Ava Collins
Content Writer and Researcher
