COOKIES. CONSENT. COMPLIANCE
secure privacy badge logo
November 9, 2019

CCPA Compliance: Frequently Asked Questions

The California Consumer Protection Act (CCPA) is having a significant effect on business privacy activities across all technological, media, and entertainment, as well as telecommunication sectors. 

The California Consumer Protection Act (CCPA) is having a significant effect on business privacy activities across all technological, media, and entertainment, as well as telecommunication sectors. 

Regarded as the most stringent privacy law in the US, CCPA gives residents of California the privilege to oversee how companies handle their data. For this reason, once the CCPA is implemented, businesses in the state will be required to honor data subject requests for access, deletion, and opting out of the sharing or sale of their information.

In this article, we answer the five questions business owners frequently ask about CCPA compliance.

You can also check out Secure Privacy's GDPR and CCPA Compliance features for Publishers.

Who Does CCPA Apply To?

This law targets for-profit enterprises that gather and control personal data, operate in California, and satisfy at least one of these thresholds;

  • Post yearly gross revenues of more than $25 million
  • Receive or reveal the personal data of 50,000 or more California residents, households, or gadgets annually
  • Generate 50% or more yearly turnover from selling personal information belonging to residents of California.

In this context, it is important to note that non-profit organizations, and smaller firms that do not satisfy turnover thresholds, or those that do not transact large amounts of personal data from residents of California and don’t share a brand with an affiliate that is covered by the CCPA will not be obliged to comply with this law.

Do I Need to Comply with CCPA if my Company is not located in California?

As long as you collect personal information of California residents and you exceed any of the thresholds, the CCPA applies to you.

It doesn’t matter where in the world your company is located. You can easily make your website CCPA compliant with Secure Privacy.

When does the Enforcement of CCPA Begin?

CCPA came into effect on January 1, 2020. Following its enforcement consumers will have the right to request that a company reveals specific pieces of data for the preceding year that the business has collected or processed about the subject.

Additionally, consumers can demand to know whether this information was sold or shared with a third-party. This point implies that businesses should have records from as early as January 1, 2019.

Nonetheless, it is crucial to take into account that the California Attorney General will delay enforcement actions for six months after the law comes into effect.

What is Personal Information under the CCPA?

The description of personal information under this regulation is broader compared to other privacy-related laws in the US. Under the CCPA, personal information refers to; ‘information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.’

The standard examples of personal information include social security and driver's license numbers, as well as unique personal identifiers such as device identifiers and online tracking technologies, among others.

However, publicly available data such as property tax information from federal records are excluded from the scope of CCPA. This law also excludes aggregated data, as well as medical or health information gathered by an individual or entity controlled by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Check out Secure Privacy's Ultimate CCPA Guide.

What type of Disclosures do Impacted Businesses need to Make?

Under CCPA, businesses should come up with privacy notices and a detailed privacy policy that are presented to consumers when personal data is gathered. 

The required privacy notices are;

  • Notice about collection, if you collect personal information
  • Notice on the right to opt-out of the sale of personal information, in case you sell consumers’ personal information to third parties, and
  • Notice the financial incentives program, if you have any in place.

In addition, to privacy notices, you need a privacy policy which should contain at least:

  • The categories of personal information you collect and/or used
  • How the information is collected and/or used
  • Why the information is collected and/or used
  • The methods to request access, change, move, or deletion of their personal data
  • The method for verifying the identity of the person who submits a request
  • Sales of users’ personal data and how they can opt-out of the selling of their data
  • Details on any financial incentives program, including the method for opting-in

CCPA will also oblige companies to publicly reveal and make customers aware of the existence and nature of their privileges under this law. The privileges include;

  • The consumer’s right to submit data requests
  • The right to opt-out of the sale or sharing of their data with third parties or opt-in for such sale.

Our objective at Secure Privacy is to help you view data privacy and security as a way of gaining a competitive edge in your line of business as opposed to being a risk management issue. That is why we have a tailored complete CCPA compliance solution that is helping leading companies build their brand and corporate reputations.

Book a call with us today and get expert guidance on the measures you need to take to meet and maintain CCPA compliance.

Additional Resources:

Get all your questions or concerns answered with our detailed CCPA summary 

Get your free CCPA e-book delivered instantly into your inbox.

Read more on the subject:

- AB-25: What this CCPA Amendment Means for Employers and Employees

- CCPA Amendments: Key Changes You Need to Know

- CCPA Service Provider Exception: FAQs and Answers

- CCPA Service Provider: The Key Qualifications

- CCPA: A Summary of Key Consumer Rights

- What is CCPA 2.0: The Ultimate Guide

image

GDPR Compliance Automation: Complete Guide & Tool Comparison

Your privacy team is drowning in manual GDPR workflows. Data subject access requests pile up for weeks. Data mapping takes months instead of minutes. Your spreadsheet-based consent records can't scale to millions of users. Meanwhile, European regulators issued €1.2 billion in GDPR fines last year alone, and your current compliance approach can't keep pace with enforcement intensity or business growth. GDPR compliance automation transforms this reality by applying intelligent technology to streamline, accelerate, and enhance the accuracy of data protection activities. Organizations implementing comprehensive automation report 85-97% reduction in compliance workloads while improving accuracy and reducing regulatory risk by up to 75%. This guide explains what GDPR compliance can be automated, which processes require human judgment, how to select automation platforms, and what ROI you can expect from intelligent privacy technology investments.

    image

    IAB TCF Compliance Tool: Choose and Implement the Right Solution

    Your Consent Management Platform just failed its IAB validation check. Three weeks before your planned launch, the CMP Validator flagged seventeen compliance issues across your consent banner implementation. Your legal team is escalating concerns about GDPR violations, your ad ops team worries about revenue impact, and nobody knows exactly what needs fixing or how long remediation will take.

    • Legal & News
    • Data Protection
    • GDPR
    • CCPA
    image

    What is ad_user_data in Google Consent Mode v2 — and Why It Matters for Your Ads

    Your Google Ads conversion tracking just stopped working in Europe. Campaign performance dropped 30% overnight. Google Tag Assistant shows consent signal errors. You're seeing warnings about missing Consent Mode v2 implementation, but you're not sure what ad_user_data means or why Google suddenly requires it.