The California Consumer Privacy Act (CCPA) is the biggest privacy compliance challenge for businesses in California. The main focus of CCPA is to give California residents transparency into how businesses and other companies collect, share, and use their private data.

Who is Covered by CCPA?

CCPA essentially applies to any for-profit business in California that collects, shares, or sells California consumers’ data, and:

  • has annual gross revenues exceeding $25 million; or
  • possesses the personal information of 50,000 or more consumers, households, or devices; or
  • earns more than half of its annual revenue from selling consumers’ personal information

If your business meets any of the three criteria mentioned above, it is very likely subject to CCPA. 

We have created a quick compliance checklist of the major requirements of this new California privacy law:

1. Update Privacy Policy

  • You have to make sure your privacy policy complies with the CCPA requirements.
  • Make sure your privacy policy links are prominent on your website.

2. Make sure you update your privacy policy pages every 12 months (note the next effective date and set it as a reminder)

3. Categories of Personal Information You Collect

  • On your privacy policy pages, you have to list all categories of personal information collected in the last 12 months
  • The CCPA treats 11 categories as personal information
  • You need to disclose the source of these categories, e.g. information collected from form submissions, social media, advertising, public sources, etc.

4. Consumer Rights

  • Your privacy policy should describe the CCPA consumer rights

5. Create a “Do Not Sell My Personal Information” Page

  • If you are selling consumer personal information, it is mandatory to create a page that discloses this and lets users opt out of having their information sold
  • This page must be easily accessible via a link in the footer of your site and within the privacy policy page
  • For minors who are under 16 years old, don’t sell their information unless their parents opt in to allow data collection

6. Your Purpose for Collecting Personal Information

  • You must inform your users why you collect their personal information
  • How you will use it
  • And for what purpose

7. Personal Information You Have Sold

  • You must mention all the categories that you sold in the last 12 months
  • Even if you didn’t sell any of them, you have to disclose that too

8. Personal Information You Have Disclosed for Business Purposes

9. You must offer a means for users to access, request, or delete their personal data

[Infographic: CCPA checklist 2020]

Infographic Source: skysync.com

Please stay updated and come back to this post anytime for new improvements and amendments.