According to the California Legislative Information and Attorney General of California Department of Justice websites:
What is the CCPA?
The California Consumer Privacy Act (CCPA), was enacted in June 2018 and took effect on January 1, 2020. Enforcement of the law, making organizations liable to civil suit and regulatory fines, starts on July 1st, 2020.
The CCPA grants new rights to California consumers:
- The right to know what personal information is collected, used, shared or sold, both as to the categories and specific pieces of personal information;
- The right to delete personal information held by businesses and by extension, a business’s service provider;
- The right to opt-out of sale of personal information. Consumers are able to direct a business that sells personal information to stop selling that information. Children under the age of 16 must provide opt in consent, with a parent or guardian consenting for children under 13.
- The right to non-discrimination in terms of price or service when a consumer exercises a privacy right under CCPA.
Which businesses does CCPA apply to?
You must comply if your business:
- Earns $25 million or more in annual revenue
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices
- Earns more than 50% of revenue from selling consumers’ personal information
As proposed by a draft regulation, businesses handling the personal information of more than 4 million consumers will have additional obligations.
As a business, what do I have to do, to comply?
ZipComply Concierge is here to help you comply with CCPA. As a business, you must consistently work on your product(s) and/or service(s) to provide the best customer experience. Just as you have experts taking care of different areas of your business (Advertising, Marketing, etc.), you also need experts to help you in compliance matters. Rather that overloading and retraining your current staff, it is more efficient and effective to delegate all compliance related tasks to ZipComply. This is what we do.
Businesses subject to the CCPA must provide notice to consumers at or before data collection
ZipComply will provide you a comprehensive Cookie management solution for your consumers that will keep them informed of what data is being collected via the website. This solution includes Cookie Banner, Cookie Preferences and store the consumers consent while they are on your website.
Businesses must create procedures to respond to requests from consumers to opt-out, know, and delete
For requests to opt-out, businesses must provide a "Do Not Sell My Info" link on their website or mobile app.
According to the law, the business must provide the consumer two or more methods for submitting requests for information. One of the options must be a toll-free telephone number to which consumers can easily call to make data requests. If your business operates exclusively online, your second option could be to provide an email address and/or an online form for the data requests.
ZipComply provides a toll-free number which is answered by live agents (not automated), who accept the data request and validate the consumer's identity. This service is accessible 24/7, making it as convenient as possible for your consumers. ZipComply also provides an simple online form for consumers to submit their data request on your website.
Businesses must respond to requests from consumers to know, delete, and opt-out within specific timeframes
Businesses must deliver the required information to the consumer free of charge within 45 days of receiving a verifiable request. The business should verify the consumers identify and the validity of the request, but this process shall not extend the business' duty to provide the information with 45 days. The business can extend information delivery once by an additional 45 days when necessary by providing the consumer with notice of extension.
The information provided to the consumer will cover the 12 month period preceding the business' receipt of the verifiable consumer request. The business will deliver the information electronically or by mail.
ZipComply Concierge will take care of all the back and forth communication with the consumer via mail or electronically. All you need to do is to provide the requested information for the data requests. We will also make sure we are in constant communication with you, so that we handle all data requests within 45 days. We will remind you via email and on regular phone calls.
As proposed by the draft regulations, businesses must treat user-enabled privacy settings that signal a consumer’s choice to opt-out as a validly submitted opt-out request.
Businesses must verify the identity of consumers who make requests to know and to delete
The business may verify the customer's identity before providing any sensitive information but should not require the consumer to create an account with the business. To identify a consumer, the business can compare the information from the verifiable consumer request, to any previously collected information by the business.
ZipComply will manually validate the consumer's information to make sure they reside in California and provide the pertinent information to your business to get the data request fulfilled.
As proposed by the draft regulations, if a business is unable to verify a request, it may deny the request, but must comply to the greatest extent it can. For example, it must treat a request to delete as a request to opt-out
As proposed by the draft regulations, businesses must maintain records of requests and how they responded for 24 months in order to demonstrate their compliance.
ZipComply maintains all user consents from the cookie banner, the data requests via the toll-free number, and the online form for 24 months from the initial request date. You need not worry when it keeping records.
As proposed by the draft regulations, businesses must disclose financial incentives offered in exchange for the retention or sale of a consumer’s personal information and explain how they calculate the value of the personal information. Businesses must also explain how the incentive is permitted under the CCPA.
What do you need to comply?
Let us help you with The California Consumer Privacy Act (CCPA) compliance. Sign up to our ZipComply Concierge service which provides the following among other features.
- Cookie Consent Solution
- Cookie Banner
- Cookie Preferences
- Website Consent Form
- Compliance Reminders
- 24/7 Dedicated Toll-free Number
- Unlimited Data Subject Requests
- Unlimited Manual ID Verifications
- Unlimited User Consents
- Consent and Request Storage