Steps to make your website CCPA Compliant

The California Consumer Privacy Act (CCPA), one of the country’s most comprehensive pieces of data privacy legislation, was passed by California’s Office of Administrative Law in June 2018 and went into enforcement on January 1, 2020.  

While there are several components to CCPA compliance, how your site collects personal information and notifies consumers of that collection is a central point. Companies must also understand how third-party privacy compliance affects their plugins and integrations.

To understand what the CCPA covers, let’s answer the following questions first: 

  1. What is considered personal information? CCPA defines personal information as “Information that identifies, relates to, or could reasonably be linked with you or your household.” This includes names, browsing history, social security and more. However, anything publicly available through government records is not considered personal information. There are also specific types of personal information that can be exempted but those are rare. Check out the complete list of exemptions if you’re unsure. 
  2. Who is affected by CCPA? For a business to be subject to the laws of the CCPA, it must meet one of the following conditions: 

a. Generate a gross annual revenue of over $25 million; 

b. Buy, receive or sell personal information of more than 50,000 California residents, households, or devices; or 

c. Generate 50% of their annual revenue from selling personal information of California residents. 

One thing to point out is that the CCPA only applies to for-profit businesses. It does not apply to nonprofits and government agencies. The law also has provisions specific to data brokers that collect and sell personal information. Finally, CCPA only protects California residents. Non-natural persons (such as California business entities and associations) are also excluded. 

Now that we have a better definition of what CCPA is and whom it covers, let’s dive into the seven steps to make your website CCPA compliant.  

 7 Steps To Make Your Website CCPA Compliant 

  1. Update your privacy policy. The first step most companies should take is to create or update their privacy policy on their website. It should share how your company collects, uses, shares, and sells personal information. It should also include users’ rights as defined under CCPA and other applicable data privacy laws. 
  2. Create “notice at collection” statements. Businesses are required to notify consumers at the time of collection of specific details including: 

a. What type of PI your business collects (name, email address, etc.) 

b. Why you’re collecting it 

c. A link to your privacy policy webpage 

d. “Do Not Sell” link if your company sells personal data 

This notice must be displayed before you can collect personal information. Common places for the notice are your site’s homepage or landing pages. Make sure the language you use in your notice is “plain, straightforward language” and avoids technical or legal jargon. As a general rule, your language should match the customer’s language. 

3. Provide extra collection details. On top of the required information in the notice, include additional collection details, if possible, including: 

a. The types of sources from which your business collects PI 

b. The types of third parties with whom you share PI 

c. What type of information your business sells or discloses to third parties 

Transparency is more than just ethics. It’s better for both parties. Being this transparent makes it clear to consumers upfront and avoids extra work down the road. 

4. Include a CCPA request form. If a California consumer can’t find what they’re looking for on your privacy policy, CCPA mandates they have the option to request that information. Creating a CCPA request form to capture and pass along those requests can make it easier. 

5. Provide a toll-free phone number. CCPA requires businesses to provide at least two methods for submitting requests – one through its website (if available) and another by phone. Share your company’s toll-free number in plain sight on your privacy statement page.  

6. Review cookies. Run a cookie scan on your site to see what cookies and trackers are on your site. Be sure to identify both first- and third-party cookies on your site. 

7. Check mobile and responsive views. Double-check your notices and web pages to ensure your mobile version is up to par with CCPA requirements.  

Although this isn’t a one-size-fits-all list, it’s a great start to make your website CCPA compliant. Align your organization with the California Consumer Privacy Act with Adzapier CMP.
