California Consumer Privacy Act (CCPA) went into effect today — January 1st, 2020. Is your e-commerce business compliant with CCPA? In this article, I will cover some of the basics of CCPA requirements and responsibilities to get you a head start — but technically, it would be more of a late start since CCPA is already in effect. Better late than never, right?
Do You Need to Worry About CCPA?
You do if your business meets any of the following criteria:
- Your annual gross revenue exceeds $25M
- Deal with 50K or more California consumer’s personal data online or offline
- Earns half or more revenue from selling consumer data to others
How to Comply with CCPA?
To comply with CCPA, you need to consider the following:
- If you deal with minors (13–16 yr olds), you must obtain consent from their legal guardians
- If your business deals with more than 50K or more California consumer’s personal data, you will need to let them know by disclosing what you do with the data. If you are using third-party tracking tools or pass the data to advertisers, you must allow the California consumers an option to opt-out of such process
- You must include a “Do Not Sell My Personal Information” link on the home page, possibly on the footer, that takes the California consumers to a page where they or their authorized person/entity can request to delete their personal information from your systems
Should You Implement CCPA Anyway?
Even if your business does not meet the above requirements of required compliance of CCPA, you should consider implementing the recommended measures of CCPA to earn consumer trust. It is also likely that other states will adopt CCPA, and eventually, it will become a requirement that has to be met for doing business in America. So, this is where you can get a head start against your competitors in the same economic bracket.
Most businesses that need to comply with CCPA are not ready, and according to some news articles, it is likely that California will start enforcing this around the mid-year. So let’s get it done!
Who Cares about CCPA?
Every company that meets the requirements should. However, it appears that even though companies like Google, Microsoft are going forward with implementing CCPA, the big elephant in the room — Facebook — which has become synonymous with a leaky pipe of user data is not going to implement CCPA. They claim that they never sell user data.
Frankly, I was hoping for Facebook to take the lead on this and start earning back trust from their California users. But it doesn’t look that way at the time of this writing.
Want to Learn More About CCPA?
Ken Nguyen wrote an excellent in-depth article about CCPA that goes into many details from the consumer’s point of view. For example, Ken Nguyen discusses CCPA’s lack of scalable accountability model and impractical enforcement authority that lies solely with the Attorney General. It is an excellent read, and I highly recommend it.