Decisions Made with Data.

CCPA – What is the California Consumer Privacy Act? & do you need to worry?

//  by //  Leave a Comment

Updated January 7, 2023

Reading Time: 3 minutes
Judges gavel hammer with reflection from light

Privacy Isn’t Just for Europeans

Privacy online has been a talking point for a long time now and finally it seems that legislators have picked up on the topic in California by passing the California Consumer Privacy Act (CCPA). The CCPA will become law January 1st 2020. So, with four months to get ready, what do you need to know?

Want to Find Out More About CCPA?

What Does CCPA Mean for Consumers?

Since GDPR was launched in 2018 businesses must be careful about the information they collect from their customers living in Europe. The European legislation gave consumers more power over what is done with the information they leave online. It changed how businesses collect and store customer data. The cost to not following the GDPR? Hefty fines.

CCPA hopes to do the same for California residents. According to Californians for Consumer Privacy’s official website,  the organization behind the legislation, the purpose of the California Consumer Privacy Act is threefold:

  1. Ownership – You can opt out of sharing your information with companies.
  2. Control – You can control what information IS collected about you.
  3. Security – You can hold businesses responsible if they misuse your data.

To sift through the official legislation transcripts, California’s Department of Justice has background information leading up to Governor Brown’s signing the bill in 2018. 

Are you Affected by CCPA?

Right hand holding a pen while signing a portuguese contract

Unlike GDPR, CCPA will not, immediately at least, affect all businesses. Initially CCPA is focused on businesses that fall into three main categories:

  • If the business has annual gross revenues in excess of $50,000,000.
  • If the business annually sells, alone or in combination, the personal information of 100,000 or more consumers or devices
  • If the business derives 50 percent or more of its annual revenues from selling consumers’ personal information

As you can see, the initial scope of the law is fairly narrow and targets larger businesses. Whether this will expand over time remains to be seen. But for now, unless your business falls into one of the three categories listed above, CCPA does not currently affect you. However, maintaining consumer privacy is critical for all businesses.

What Do You Need to Do?

By now you should have already altered your privacy policy to reflect GDPR but to ensure compliance with CCPA you may need to add some additional information.

If you collect and process users’ personal information in any way, you need to make sure that your privacy policy includes the following points:

  • Information on what kind of information you collect and process
  • Some details on why you collect and process information
  • How do you collect and process information
  • How users can request to access, change, move, or delete any of their personal data
  • How you plan to verify the identity of the person who submits a request
  • If you’re selling customers data you need to disclose that and explain how they can opt out of the selling of their data

Please note: we’re not attorneys. So, this information may not all conclusive. As the law comes into effect you may see additional changes and interpretation to CCPA compliance. 

What’s Next for Marketers?

First GDPR, and now CCPA. Does this mean that third-party data is on the way out? Businesses have been using third-party to help build detailed profiles of their customers since the dawn of digital marketing. So, as more privacy related legislation is enacted, will we see a change in marketing tactics? At the moment it is too early to tell, but brands need to ensure they are not relying too heavily on third-party data. Because it might not be as easy to collect for too much longer.

CCPA Compliance 

Keeping your customers data safe should be a priority of every business. Trust is important. Once lost, it’s expensive and time-consuming to rebuild. Having a solid data protection strategy is the first step towards building trust. If you’re worried about that CCPA or GDPR could affect your business, feel free to reach out.

Photo credit – Top: Pexels
Photo credit – Bottom: Pexels

About Alyson Harrold

Alyson is Co-CEO and Chief Storyteller. Prior to forming the agency, her career spanned media (NBC-TV affiliates and city magazine, international ad agency) and positions like C-Suite financial services marketer and digital marketing consultant. Alyson learned how the right medium with the right message can attract the right audience. With her team, Alyson helps brands have meaningful customer interactions. Now she teaches those lessons—among others—as a UC Berkeley Extension instructor in her SEO and Digital Marketing courses since 2014. Alyson shares her knowledge as a speaker at preeminent digital marketing conferences around the country like Digital Growth Unleashed and more.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *