The CCPA: What You Need To Know

Mallory King - November 22, 2019 - Internet Law, Privacy


The California Consumer Privacy Act (“CCPA”), Cal. Civ. Code § 1798.100, is set to take effect on January 1, 2020 and aims to enhance California’s consumer privacy rights. With most businesses collecting some sort of Personal Data from consumers, it is important to consider whether the CCPA’s new provisions apply to your business – and, if they do – what steps you need to take for compliance.

Who Does the CCPA Apply To?

The CCPA applies to any business that:

(1) Has annual gross revenues in excess of $25 million;

(2) Possesses the personal information of 50,000 or more consumers, households, or devices; or

(3) Derives 50% or more of its annual revenues from selling consumers’ personal information.

What Constitutes a “Business”?

Unlike the GDPR – under which compliance is triggered only by the collection of personal data in the EU – the CCPA only applies to businesses. The CCPA defines a “business” as “a sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners” that meets one of the above three criteria OR “any entity that controls or is controlled by a business . . . and that shares common branding with the business.”

Something noteworthy about the definition of “business” is that it could potentially also implicate non-profit organizations, particularly if they control or are controlled by a business that meets the CCPA’s definition. Therefore, it is important for any type of business entity, whether for profit or not, to consider whether the CCPA might be applicable to its data collection practices.

What Steps Must My Business Take?

At a high level, some best practices that qualifying businesses can adopt to comply with the CCPA include:

(1) Create a process for parental/guardian consent for minors under 13, as well as a process for the consent of minors between 13 and 16;

(2) Create a “Do Not Sell My Personal Information” link on the homepage of your business website that directs to a page that allows users to opt-out of the sale of their personal data;

(3) Create methods for submitting data access requests, including a toll-free number that users can call;

(4) Avoid requesting opt-in consent for 12 months after a California resident opts out; and

(5) Update your privacy policy to reflect implementation of the above and to include a recital of California residents’ rights.

Need Your Privacy Policy Updated?

If you are a business that meets the standards under the CCPA and are in need of an updated privacy policy, the attorneys at Traverse Legal can help. We have been researching the requirements for CCPA compliance and developing CCPA language for incorporation into privacy policies. Give us a call today to see how we can help get your privacy policy up to date.
