The California Consumer Privacy Act (CCPA), enacted in 2018, creates new consumer rights relating to the access, deletion, and sharing of personal information that is collected by businesses. This has left businesses everywhere wondering “does my website need to be compliant?”
The penalties are serious. A single violation of CCPA law could result in a maximum fine of $7,500! And it doesn’t matter where you operate your business – if consumers from the state of California visit your site, you must comply with the law.
Here’s a look at how CCPA may apply to your website and what to do next.
Is My Website Impacted by CCPA?
CCPA impacts your business if any of the following is true:
- It generates over $25 million in revenue
- It collects information on more than 50,000 California residents a year
- 50% or more of its annual revenue is from selling the personal information of California residents
Wait, We’re Not Talking Chocolate Chip Cookies?
There are three different kinds of cookies your website might be collecting: targeting, tracking, and essential or strictly necessary cookies.
A “Targeting” cookie is usually set through your site by advertising partners. These cookies may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
A “Tracking” cookie usually comes from an analytics tool such as Google Analytics, Adobe Analytics, or HotJar; basically, it is any cookie that sends behavior data to be tracked.
“Essential” or “Strictly Necessary” cookies are allowed to always be active because they do not store Personally Identifiable Information (PII). These are cookies that remember your settings, for example, that you opted out of certain settings or chose to stay signed in.
How to Comply with CCPA
If your business meets one of the criteria above, you will need to be CCPA compliant. This means implementing several things that notify your customers of tracking and allow them to manage their settings:
- A cookie banner notifying the user that your site uses cookies for tracking.
- An area allowing the customer to customize certain cookies and determine how they want their information tracked.
- An intake form for California residents to request a copy or deletion of their information.
Building the business logic to power these features is not a simple task and requires careful implementation.
What to do Next
The development team at Atypical Digital are experts in CCPA auditing and implementation. We love helping companies of all sizes with their digital presence. Compliance is a serious topic, but one that can be quickly and easily accomplished. As the saying goes, an ounce of prevention is worth a pound of cure. Our team can talk you through your current situation, give ideas on what to do next, and work for you to make sure CCPA compliance is done correctly.