Understanding the California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a piece of legislation passed in 2018 and enacted in 2020. The law gives California consumers control over the data companies collect, and consumers can even ask companies to remove specific pieces of information that have been gathered in the past.
Few companies can afford to ignore the California privacy law. The legislation could protect any consumer who pops into your website. If you void visitor’s rights, you might face potential fines.
What is the California Consumer Privacy Act (CCPA)?
In the past, companies could collect a great deal of information about their website visitors. Consumers had little control over how their data was used, and sometimes, they didn't even know what a company knew about them. The California Consumer Privacy Act of 2018, commonly known as CCPA, changes the situation dramatically.
This significant law started as a small ballot initiative sponsored by the Californians for Consumer Privacy. After the law passed through legislator's hands and was approved, companies had several years to prepare for compliance. In 2020, the law went into effect, and all companies had to obey it or face the consequences.
Key CCPA elements
Like most legislative efforts, the CCPA includes thousands of words and many legal principles. But the underlying principles and elements are relatively easy to understand.
The California State Department of Justice says consumers have four basic rights under the CCPA:
- Knowledge: You have the right to know about the data a company collects about you.
- Deletion: You have the right to ask a company to remove personal information that identifies you.
- Removal: You have the right to ask a company not to sell your personal information.
- Protection: You are protected from discrimination if you exercise these rights.
Personal data is at the heart of CCPA. Think of something that could identify you in a crowd of people, and you're likely talking about protected data. You could ask a company to stop collecting your:
- Name
- Social Security number
- Email address
- Location
Your browsing history, including the places you’ve visited before a specific website and the next place you go, could also identify you. Companies typically track your path with a tiny digital tag called a “cookie.” If that tag is persistent, meaning it can track you through sites or over a long time, it is considered personal information within the CCPA.
CCPA compliance: How does it work?
The law includes the word "California," and it's easy to assume that only companies operating in the state are charged with compliance. Unfortunately, that's just not true.
Only California residents have CCPA rights. But they take those rights with them when they’re online. If you engage in transactions for financial gain (which could mean something as simple as operating an online shop), you could be serving Californians.
And most websites don't screen people by location. If you're online, anyone in any state could find you. There's no real way to ensure that you're protecting California residents unless you try to do so.
As a company, you must comply if