Skip to content

How to Become CCPA Compliant Like These Californian Brands

Harry R. 12/8/21 11:10 AM

Table of Contents

You've might have come across a Do Not Sell My Information page on a website you've been browsing the past few years.

Whether you’re a business owner or a consumer, you’ve probably heard about the CCPA. Since it came into force in 2018, the California Consumer Protection Act has given consumers in the state of California a collection of rights and protections when it comes to their personal data privacy.

The CCPA follows in the footsteps of other privacy laws, like the EU’s General Data Protection Regulation (GDPR) and the US’ Health Insurance Portability and Accountability Act (HIPAA). It’s another law that has encouraged brands across the country and further afield to reassess their data policies for the better.

But what makes a brand CCPA complaint?

We’re going to break down two standout examples of CCPA compliance in the form of California-born ecommerce brands Skims and Hims. We’ll also show you an easy way to streamline your own CCPA compliance efforts. 


Step 1: A Complete Privacy Policy Page

One of the most integral themes of the CCPA is the customer’s right to know and understand when and how their data is being collected. The best way for a business to inform customers of this data collection is through a privacy policy page.

Hims is a California-born eCommerce brand with a, particularly impressive privacy policy page.

Safari (Catalina) - Dark

As the brand specializes in sex, hair, skin, supplement, and mental health wellness products, Hims needs customers to trust them. One way to build trust with your audience is through a privacy policy page that goes above and beyond the basics.

While it may be lengthy, Hims’ privacy policy page is very well written. Because a privacy policy page serves as both a legal document and a handy guide for customers, the challenge in crafting a great one lies in being able to make it user-friendly without losing those all-important legal statements.

Hims manages this balance well, largely by keeping their language clear and concise, using distinct sections, and calling on the help of formatting to streamline the experience.


Hims (1)


One of the best parts about Hims’ privacy policy is their “Summary of Information Practices” section, which features an excellent table that breaks down the brand’s data collection and usage policies. For a brand that has to contend with not only the CCPA, but other privacy laws like HIPAA as well, Hims remains a great example of a CCPA compliant business that gets it right. 


Step 2: A Simple “Do Not Sell My Information” Page

Alongside making your brands data policies widely available to customers, the CCPA also requires you to give your customers some control over how their data is used. The most obvious example of this is that customers must have the opportunity to opt out of the sale of their personal data. 

For always-online ecommerce businesses, this is an especially important policy, as recent research shows that data is one of the most valuable resources. With personal data being so lucrative, it’s easy to see why brands might be tempted to sell this data on. The CCPA doesn’t restrict the sale of data, but you do need to give people an easy way to opt out.


Data Requests - 1


Despite the disadvantage of losing out on valuable customer data, Skims, a “solutions-oriented” underwear and loungewear company, has taken a proactive approach. The brand’s “opt out” page is easy to find and simple to use. Built into their privacy policy page is a table of contents, which leads to multiple related pages — including a CCPA request page. On this page there’s an easy to use form, where consumers can directly submit an opt-out request. 

Skims’ online form doesn’t just fulfil the minimum “opt out” request — it features tons of options for the consumer to interact with their data. Alongside the “do not sell my information” request customers can also request a copy of their personal data or request that their data is deleted.


A less proactive and trustworthy brand might be tempted to hide these options, to hold on to as much personal data as possible. By giving their customers these self-service data management options, Skims is not only staying CCPA compliant, but showing a commitment to using customer data respectfully. With 69% of US consumers expressing concern over the handling of their online data, Skims’ policies go hand in hand with building a trustworthy brand reputation.


How to Become CCPA Compliant Using Enzuzo

Skims and Hims are definitely brands to be inspired by when it comes to proactive CCPA compliance. While they’re a great place to look for ideas and inspiration, putting together your own policy pages can feel overwhelming. Luckily, you don’t need a law degree or hours of free time to take steps towards CCPA compliance — at Enzuzo, we’ve got the ideal tools to help. 

Best Shopify Privacy Examples

With our data privacy management platform, building a CCPA compliant business is easier than before. You can create and customize your privacy policy, build your terms of service, and manage data requests from one place. 

Harry R.