The CCPA, or California Consumer Privacy Act, came into effect on 1 January 2020. It is one of the first acts of this kind in the United States of America. The CCPA is a statewide data privacy law in California. It regulates how companies or firms around the world handle the PI (Personal Information) of California locals.
Who does CCPA apply to?
The CCPA applies to any company or firm whose annual gross profit is more than 25 million dollars, or which receives, processes, or transfers data from over 50,000 Californians annually, or which derives a minimum of 50% of its annual revenue from selling Californians' PI (Personal Information).
What are the user rights under CCPA?
Under the CCPA, Californians are granted a few important rights: the right to know, the right to delete, the right to non-discrimination, and the right to opt out.
What is data mapping?
Data mapping is the process of connecting a data field in one source to a data field in another source. Data mapping minimizes possible errors, helps make data systematized, and even helps tally the data.
The company should know what information is being collected, then map the flow of data and create an inventory. Lastly, it should have a method to classify the collected information.
Personal Information
Any customer information that identifies, describes, relates to, is linked to, or could be related to, directly or indirectly, a customer or their household is defined as PI (Personal Information).
According to the CCPA, data doesn’t have to be directly related to an individual for it to qualify as personal information. Personal data may also include information linked to a household or an individual’s device.
Steps to create Comprehensive Privacy Policy
Inform consumers of your intentions at or before the point of data collection.
The policy should be available in the languages in which your business provides information in California.
Make the information available in either a banner or a pop-up when the user visits your site (consider using a CMP).
Give the user an option to opt out (“Do Not Sell”).
List all the categories of personal information your business has sold in the past 12 months.
An option to OPT OUT
Customers need to have an option to opt out. This has to be easily accessible to the customers.
Include a “Do Not Sell” link (opt-out) that is easily available on your homepage (use a ‘Consent Management Platform’).
Ask for opt-in again only once 12 months have passed since the consumer opted out.
Consumer Rights Requests
Every Californian has the right to object to the sale of their PI (Personal Information) to any third party. Additionally, if a consumer has denied or objected to the sale of their data, the company cannot ask the customer to consent again for the next 12 months from the date of objection.
A system has to be set up for submitting Consumer Rights Requests. Provide at least two contact options, e.g. a toll-free phone number, a web form, or email.
Response Time – Standard Period: within 45 days, Extended Period: up to 90 days
Data security
To fulfil the CCPA regulation, the security team needs to work closely with the database administration team, and a high level of data security needs to be provided to the customers. Let us see how a company can achieve this.
Contact us to learn more about how Techpearl experts can develop software products that satisfy the regulations of the California Consumer Privacy Act.