Do I Have to Comply With the CCPA?
It's crucial for you to know if you have to comply with the California Consumer Privacy Act (CCPA). This relatively new law requires you to protect consumers' personal information as well as many other requirements. Failure to follow these requirements can even result in high fines and the potential for lawsuits. eCommerce companies, marketers, and advertisers must follow these requirements to avoid negative impacts on their business and bottom line.
Enzuzo helps your business know whether the CCPA applies and how to comply with its requirements. We help you build your eCommerce business and manage your personalized privacy policies. You can build customer trust and ensure you comply with all applicable privacy laws — including the CCPA. We have everything you need to manage your privacy policies in one simple platform to make compliance easy and accurate.
What Does CCPA Stand For?
CCPA stands for California Consumer Privacy Act. The California legislature passed this law in 2018, but the law took effect in late June of 2021. This time period was designed to give businesses time to change their policies and technology to comply with the new requirements.
This particular law was proposed by the citizens of California themselves through a petition process. The petition collected 629,000 signatures — demonstrating just how important these data protections are to Californians.
The purpose of CCPA is to ensure personal data is protected for California consumers. It holds businesses to certain standards to protect information used in the digital marketplace. It can affect eCommerce business owners on Shopify, Squarespace, Wix, and much more. You may also wonder: "What does the CCPA mean for advertisers?" Advertising and marketing companies are also affected by this new law, as targeted ads require consumer data to function properly.
What Is CCPA Compliance?
Methods to comply with the CCPA include but are not necessarily limited to:
- Creating a "Do Not Sell My Personal Information" link on your business homepage to provide an opt-out for consumers
- Procedures that solicit affirmative consent for minors aged 13 to 16
- Procedures that solicit data sharing consent from parents or guardians for minors under age 13
- Policies that reduce requests to opt-in after a consumer opts out within a one year period
- Updating privacy policies to reflect the newly required information and a full explanation of CCPA rights for California consumers
- A process through which consumers may request access to their personal data
There are other potential requirements to fully comply with the CCPA. Knowing how to comply with this law may seem incredibly daunting, but you can trust Enzuzo to guide you through the compliance process. We can create individualized privacy policies that ensure you meet CCPA requirements.
Who Needs to Comply With the CCPA?
You could be wondering: "Do I have to comply with the CCPA?" The CCPA was designed to apply primarily to larger companies that deal in large quantities of consumer personal data. Small to medium-sized businesses may not be required to follow all of these requirements. However, there are many types of companies that could be required to follow this law, such as:
- Marketing and advertising companies
- Market research businesses
- Online shops or stores
- Social media companies like Facebook, TikTok, and Twitter
- Data mining companies
- Search engine companies like Google
These and many other types of businesses that handle consumer data may be obligated to follow the requirements of the CCPA. To determine if the law applies to your business, let Enzuzo evaluate your business and create a customized plan for you.
How Do You Know If You Are Subject To the CCPA?
The CCPA doesn't require that your business have a physical presence in California. It doesn't even require that you purposefully seek out California consumers for your business. If you offer goods or services online and a California shopper visits your website, you could be obligated to comply with the CCPA.
There are three threshold requirements to know if you are subject to the CCPA. You must follow this privacy law if your business meets any one of these criteria:
- Your business had annual gross revenue of more than $25 million
- Your business derives 50% or more of its annual revenue from selling personal information
- Your business receives, shares, or sells the personal information of 50,000 or more California residents for a commercial purpose
Smaller businesses are unlikely to meet some of these criteria. However, meeting even one can suddenly mean you must comply with all of the requirements. Many businesses benefit from analyzing their business model in order to see if they meet — or come close to — these thresholds. If so, they must immediately prepare to comply with the CCPA. Enzuzo is here to help with that process.
Who Is Exempt From the CCPA?
If your company doesn't meet the threshold requirements listed above, you aren't required to comply with the CCPA. These companies are exempt from following the provisions included in the California law. However, it is worth mentioning again that meeting just one requirement could mean your business must suddenly comply. Don't let yourself get caught in a sudden compliance crisis.
Other companies exempt from the CCPA include:
- Those who buy, receive, or sell consumer information for non-California residents
- Businesses with less than $25 million in revenue who do not meet other criteria
- Information collected for employment information and hiring (a limited exemption)
- Information collected for business-to-business interactions
- Warranty and recall information
- Data subject to other privacy laws (i.e. HIPAA)
- Information collected pursuant to the Fair Credit Reporting Act
These types of exemptions may apply to your business and the data you collect. Making this determination on your own can be quite challenging. Enzuzo is ready to help.
Is the CCPA Opt-Out?
The CCPA doesn't provide an opt-out for companies that meet the threshold requirements. If those requirements apply, the company is obligated to follow all of the restrictions of the CCPA.
The CCPA does include opt-out language for consumers. This is one of the rights California consumers gain as part of the privacy law. It lets them decide whether or not third parties can sell their data. This stops a business from distributing or selling the consumer's data to others once the consumer has opted out. This is one of the most important protections consumers look for and expect. It is also one of the primary reasons the CCPA was enacted.
Can Enzuzo Help Me With CCPA Compliance?
Enzuzo can help you with CCPA compliance. Our mission is to help growing eCommerce brands around the world scale and manage personalized privacy experiences that your customers can trust. We can help ensure you comply with the CCPA. To do so, we provide services like:
- Customized legal policies for CCPA compliance
- GDPR and CCPA optimization practices
- Create compliance reporting procedures
- Build cookie consent banners
- Automatically update legal and privacy policies as laws change
Complying with the CCPA doesn't have to be time-consuming or difficult when you work with Enzuzo. Get started for free to learn how to protect your business from potential sanctions of violating the law. We are here to assist you and your business.