Counting down the clock to CCPA

The California Consumer Privacy Act (CCPA) is a new consumer protection law set to take effect January 1, 2020, with enforcement beginning July 1, 2020. This legislation loosely follows Europe’s General Data Protection Regulation (GDPR) and aims to give Californians control over the use of their personal data. While this piece of legislation specifically applies to California residents, at least 15 other states have developed similar “copycat” laws, suggesting a widespread adoption of similar legislation nationwide is near. 

To help you prepare, we’ve answered some common questions below with preliminary recommendations on how to ensure you’re compliant. We encourage you to speak with your legal team to determine an approach that fits your organization’s specific practices. 

New rights for consumers under CCPA

According to the California Department of Justice, the CCPA gives Californian consumers the following rights:

• Right to know what personal information is being collected, used, shared, or sold.

• Right to delete personal information collected by you or your partners.

• Right to opt-out of the sale of personal information. This includes sharing personal information with third-parties.

• Right to non-discrimination in terms of prices or services when a consumer exercises their rights.

Qualifying for CCPA 

If you collect information—whether voluntary through contact forms or involuntary through website cookies—from current or prospective Californian consumers, you will need to comply if one or more of the following criteria applies:

• Your annual gross revenue is more than $25 million.

• Your organization receives, shares, or sells personal information of more than 50,000 individuals.

• Your company earns 50% or more of its annual revenue from selling personal information of consumers.

Complying with CCPA

Unfortunately, there’s no one-size-fits-all solution to CCPA compliance, but we’ve outlined three basic recommendations to help you get started. 

    1. Document the data you’re storing and where it’s stored: create a data inventory that identifies the personal information you collect, how you collect and use it, the partners and platforms that you share the information with (think paid search providers like Google, CRMs like HubSpot, website optimization tools like HotJar, etc.), and how the information you collect is retained, secured, and disposed of. 
    2. Review vendor/third-party data practices: identify all vendors and third-parties with which personal information is being shared, review the existing contracts with those parties to ensure compliance, and confirm the vendors and third parties, themselves, are compliant. 
    3. Make updates to your website: update your privacy policy to reflect the data inventory and vendor/third-party contracts and practices you’ve documented. Simultaneously add a consent pop-up to your website that educates users on the personal information being collected with a link to your privacy policy. Finally, add a “Do Not Sell My Personal Information” link to the homepage of your website. Click here to learn more about making your website and privacy policy compliant.

If you have questions about CCPA or would like a quote for integrating our ready-made consent pop-up solution on your HubSpot, Pimcore, or WordPress website, don’t hesitate to reach out.

Sources not cited above

• American Bar Association, California Consumer Privacy Act

• BakerHostetler, The California Consumer Privacy Act: Frequently Asked Questions 

• The National Law Review, Top 10 Things to Do to Prove CCPA Compliance

Hayden Sorensen, Digital Strategy Manager, smiling while posing for the picture
Hayden Browning

Related Articles

What B2B Marketing Leaders Really Want in 2024
As we traverse 2024, B2B marketing executives face a rapidly evolving landscape with both new challenges and opportunities—looking at you, AI. To better understand their priorities, pain points, and what they truly value in an…
Read More
How to go cookieless in 2024: What marketers need to know
Beginning the first week of 2024, Google is set to being phasing out third-party cookies. With cookied inventory accounting for 78% or more of programmatic ad buys, the post-cookie era will bring about a seismic…
Read More
How brands are using AI and more to deck out social feeds for the holidays
As the holiday season approaches, businesses are gearing up for the annual online shopping frenzy. With consumers increasingly turning to the digital realm for their holiday purchases, social media advertising has become a crucial tool…
Read More
INBOUND 2023: The brave new world of the AI boom
Earlier this fall, several members of the Grafik marketing team attended INBOUND, a cutting-edge marketing and technology conference hosted by Hubspot. The event was jam-packed with insights, innovation, and inspiration, with two dominant topics that,…
Read More