The issue of consumer privacy has been exploding recently, especially with the California Consumer Privacy Act (CCPA) and everything involving Facebook for the past couple of years. If you’re like most business owners and unsure of what the CCPA is or if you should be worried, just know that if you’re a for-profit business in California or you are collecting California consumers’ personal information, this is one law you cannot ignore.
What is the CCPA?
The California Consumer Privacy Act is currently the most comprehensive privacy legislation in the United States, with extensive new compliance requirements and liabilities as of January 1, 2020. The American Bar Association states that, in short, the CCPA grants California residents new rights with respect to the collection of their personal information, including, among other things, the right to be forgotten (deletion of information), the right to opt-out of the sale of their personal information, and the right to know what information a business collects about them.
The CCPA applies generally to for-profit businesses and sets threshold requirements for its application. The CCPA will apply to businesses around the world if they exceed one of the following thresholds:
- annual gross revenues of $25 million
- annually buy, sell, receive, or share, for commercial purposes, the personal information of 50,000 or more consumers, households, or devices
- derive 50 percent or more of their annual revenues from selling consumers’ personal information
If your business falls into one of these thresholds, the good news is there’s still time to prepare and get your company CCPA compliant. According to a PossibleNOW study, only 8 percent of businesses are prepared for it. Alex O’Byrne, Director and Co-Founder of We Make Websites, has some advice for independent retailers to get CCPA compliant.
Follow the Leader
O’Byrne says indie retailers can take a few lessons from big-box retailers, since they already have a lot of experience with the General Data Protection Regulation (GDPR) in the EU. The CCPA follows the same sort of privacy principle, giving consumers more rights to protect their personal information. “The good news is it’s not too difficult to comply with the CCPA and it’s the right thing you should be doing anyway. Just make sure your customers know what you’re tracking about their information,” O’Byrne said.
An example of how big brands are handling the law can be seen on the homepage of Billabong. At the bottom of the homepage, there’s a link titled ‘California: Privacy / Do Not Sell My Info’ that brings the shopper to another page with more information on the CCPA, as well as a form California residents can fill out to find out how the company uses their information.
O’Byrne is telling retailers to activate all of this ASAP:
- Hurry up – the cost of help with getting CCPA compliant has risen and there are fewer resources available
- Data privacy means reputation handling – think about one upset consumer or employee causing havoc
- Think beyond California – other states are considering this law, too
- Update privacy policies on your websites
- Explore contract amendments with an attorney for all vendors
- Find out where data lies with third-party vendors and exactly what data they’re gathering
- Be ready to tell consumers how you’re collecting their personal data and how you use it
The CCPA Isn’t Just for Consumers
According to O’Byrne, California employees also have the right to know what personal information is being captured and how it is being used. “The CCPA is primarily aimed at consumers and ecommerce businesses, but employees can also benefit from this law and that might come as a bit of a surprise for companies,” O’Byrne said.
Going Beyond California
The reality is, with how popular the consumer privacy issue has become, other states are sure to follow suit shortly. O’Byrne says this could be a scary issue because each state can create its own legislation and it might not all be unified across the U.S.
“There are different sales tax structures in every state and there are more complicated parts of the CCPA compared to GDPR. Currently, if it goes national, we would all hope that they wouldn’t be too much different from one another, but if a big tech provider comes out with a security break, there could be all these different laws across jurisdictions,” O’Byrne said.
All in all, the CCPA really isn’t a frightening monster and it’s fairly easy to comply with, but make sure your business is compliant as soon as possible. Otherwise, your store could be hit with thousands of dollars in fines, as well as a black mark against its reputation.