While privacy policy guides have been a mainstay of the internet for a long time now, there weren't any standards set by lawmakers, and the CCPA is one of the first of its kind. This new consumer data privacy law passed via a ballot initiative and became effective on January 1, 2020. If you are a dropshipper or want to get into dropshipping and operate nationally within the States, you need to make sure you know all there is to know about meeting the CCPA standards. That's where Dropship US comes in.
What Is The California Consumer Privacy Act (CCPA)?
Now, if you aren't familiar with legal terms, then the words in the CCPA can become a bit confusing for you. However, just because you don't understand it doesn't mean it's wrong or isn't essential. The CCPA is a serious regulatory law that California passed, and failing to comply with it has profound implications. The CCPA was initially passed by the California state legislature back in 2018, and it went into effect in January 2020.
Much like the GDPR, it forces organizations to meet specific standards for protecting consumers' data privacy rights. The Berkeley Economic Advising and Research, LLC revealed in a Standardized Regulatory Impact Assessment that the CCPA regulations would protect over 12 billion dollars worth of personal data each year in California alone. This means lawmakers are taking online privacy seriously, so you as a business cannot fall short of the regulatory standards.
Why Do We Have The CCPA?
The CCPA hopes to safeguard online privacy and protect every Californian's private data, much like its European counterpart. While it may seem like a bad thing for businesses, it really isn't. It is a huge leap forward for consumers who like to know their privacy is ensured. Besides, if you think about it, aren't we all consumers at the end of the day? We interact with different businesses daily, leaving behind amounts of personal data, even data we don't realize we have.
Before the CCPA was introduced, entities that had your data weren't held responsible for how they used it. However, the CCPA changes all that, as it holds that you own your data and have a right to know where it is and to decide how it will be used. It gives California residents new rights when it comes to online privacy policies. When we say it protects your personal data, we mean it. Here are some of the things that the CCPA protects:
- Credit card numbers
- Real names
- Postal addresses
- Social security numbers
- Income or similar information
- Browsing history and search history
- Commercial information
- Political affiliations
- Education information
- Religious affiliations
- Unique personal identifier / account name / online identifier
- Driver's license number
- Geolocation data
- Biometric information
- IP address or other similar device identifiers
- Passport number
- Other identifiable information
You may not have realized, but companies out there are collecting, sharing, and selling all the personal data you have to offer to the highest bidder. While most of the data is usually used in marketing and advertising efforts, in the wrong hands it can turn fatal for users and lead to identity theft. The CCPA believes that you as a consumer have certain rights, and there are certain obligations that entities must follow when it comes to online privacy.
The purpose of this new law is to make sure businesses protect the data consumers agree to share with them and avoid collecting or sharing the personal data of consumers who decline permission. These measures were carefully thought out and elaborated to ensure companies understand what is required of them. The California lawmakers didn't want to leave much open to interpretation in this regard.
What Were New Regulations Set By The CCPA?
Because the law is new, issues are popping up regularly, and there are already several proposed modifications to the original regulations. These regulations, however, are quite fluid and are subject to change. But until the changes are made, let's talk about the law in its current state. According to California's Office of the Attorney General, businesses operating within California must meet the following regulations:
- Notifying the consumers when or before they collect personal data.
- Allowing people to opt out, read, and delete their personal data from storage. Additionally, businesses are required to provide a "Do Not Sell My Personal Information" link for opting out.
- Businesses must respond to customer requests within specific timeframes.
- Businesses need to verify the identity of consumers who want to read and delete their information. That holds for customers who have password-protected accounts with the company.
- Businesses must disclose all the financial incentives for retaining or selling the consumer's personal data and how the data is valued.
- Businesses must maintain records of all access requests for 24 months and their response to the claims.
What Consumer Rights Does CCPA Ensure When It Comes To Personal Information?
The CCPA was carefully designed to create specific consumer rights regarding personal data and data privacy. If you know what GDPR is all about, then you will find the California Consumer Privacy Act Compliance echoes the same concerns. Imagine the GDPR but for Californians. So what does the CCPA ensure? Well, it makes sure of the following things:
- Californians have the right to know what data is collected, used, shared, or sold, both as to the categories and specific personal information pieces.
- Californians have the right to delete personal information held by businesses and other vendors.
- Californians have the right to opt out of the sale of their personal information and direct a company to stop selling their data. There should also be an opt-in consent for children under the age of 16, while for children under 13, parental or guardian consent is needed.
- Californians also have the right to non-discrimination when it comes to exercising their privacy rights under the CCPA.
Who Needs To Comply With The CCPA Regulations?
If you think the CCPA laws only impact large-scale operations such as Google and Amazon, then you are in for a surprise. While every company should value the ethical boundaries set for protecting private data, some companies do not need to meet the CCPA regulatory standards. According to the office of the California Attorney General, you must comply with the CCPA regulations if the following conditions are met:
- When a business has an annual revenue of 25 million dollars or more.
- When a company buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices.
- When a business generates 50% or more of its revenue from selling consumers' personal information.
- In addition to the regulations mentioned earlier, businesses that handle the personal information of more than 4 million consumers will have additional obligations.
What Happens When A Business Fails To Comply With The CCPA Regulations?
The fines for non-compliance with the new CCPA regulations vary per the law and the offense made. For domestic civil penalties, the penalties start at 2,500 dollars per violation for non-compliance that's been deemed unintentional. The fines jump to 7,500 dollars per violation for intentional non-compliance. The response timeframe is also taken into consideration when penalties are dealt out. The CCPA states that if a business can "cure" the non-compliance within 30 days of notice, then the company will only get off with a warning.
How Will The California Attorney General Enforce CCPA Laws?
Till now, we haven't seen any clear indications as to how the California Attorney General wishes to proceed with implementing the CCPA laws. However, one thing has been made clear: the state doesn't have enough resources and is limited in its enforcement capabilities. The state needs more resources to effectively ensure companies comply with the California law and manage non-compliance cases.
Several experts are expecting that companies may try and take advantage of this situation and take their chances of avoiding the attorney general's eye. But Californians aren't waiting for the state resources to bulk up or for the companies to learn how to comply with the CCPA laws. There are already quite a few consumer class action lawsuits making their way through the court system. While the decisions on these cases are pending, the potential litigation has made one thing clear.
Companies cannot get away with non-compliance, at least not without incurring a massive cost. Because not only will there be financial repercussions, there will also be the tag of being a bad actor when it comes to ensuring the safety of private data. This is significantly damaging to brands as the modern consumer emphasizes ensuring data privacy. So companies who want to do business with California residents have to make sure they comply with the CCPA regulations or suffer the consequences.
Are There Other States That Have Laws Like CCPA?
While many already believe that privacy laws should be a federal concern and not only a state matter, there hasn't been much headway in that department. While a federal standard would be the best model for all companies to follow within the country, no state other than California and New York has data privacy laws. However, companies impacted by the CCPA regulations are usually working nationally or have a worldwide reach, meaning they are already taking steps to protect consumer data worldwide.
Who Ensures CCPA Compliance?
Ensuring CCPA compliance is a company-wide effort. While your CEOs and CIOs usually lead the charge, several other departments handle and collect user data. To ensure your business is CCPA compliant, everyone must know and understand why protecting consumers' private data is critical for you as a business. Marketing has the most significant need for user data, as it helps target customers better and keeps campaigns highly optimized. Now, every time a consumer allows a website cookie, fills out a form, or makes a purchase online and gives out personal data, that data is protected under the CCPA, unlike before. And this applies to your sales department as well.
Remember, along with everyone else, you are responsible for how quickly and easily consumer data spreads within the organization. So as a business, you should have a systematic way to adhere to CCPA requirements. You need to identify consent as an organization and frequently cleanse and review all databases. You also need to showcase consent pop-ups and policies front and center and notify consumers how their data is collected, stored, used, and shared. Remember, being proactive is the best way to minimize the risk of non-compliance.
Build A Business That You Can Trust
So there you go, that's all you needed to know about the CCPA regulations. As you can see, it is now the gold standard when it comes to protecting and creating privacy policies for new businesses along with the GDPR. When you have a business that meets CCPA standards, you are not only working within complete ethical boundaries, but your customers will also consider you to be a trustworthy option.
And with that being said, that's all we have for you today. Let us know in the comments below whether you like the privacy policies and laws that safeguard consumer information. Also, hit us up on our socials with ideas and suggestions for what you want us to cover next. We will come back with something new for you soon. Until then, see ya!