Online privacy has been at the forefront of users’ minds in 2019 with the GDPR, and this won’t change in 2020. In fact, companies should be thinking about how they can make their websites more transparent and safe for all users. Kicking off the new year, the California Consumer Privacy Act (CCPA) will go into effect on January 1, 2020. This is a policy that targets businesses that collect personal information from residents of California. This act deters websites from selling personal information to outside businesses. If you’re collecting data at all, this act affects you, as you likely have California users. Although this act only applies to California users, it is sure to gain traction in other states in the future.
The CCPA applies to companies that serve California residents and have at least $25 million in annual revenue. In addition, companies that have personal data on at least 50,000 people or that collect more than half of their revenues from the sale of personal data are also affected (CSOOnline). The act will offer California users the chance to opt out of the sale of their personal information. This can be applied to your website through a “Do Not Sell My Personal Information” link on your homepage. With this act, users will gain ownership of their information and a well-deserved sense of security thanks to the rights listed by the Californians for Consumer Privacy website:
- The right to know all data collected from you by a business.
- You have the ability to deny the sale of your information.
- The right “to sue companies who collect your data where that data was stolen or disclosed following an unauthorized data breach if the company was negligent about how they protected your data.”
- The right to delete data you have posted.
- You are protected against discrimination when you opt out of the sale of your information.
- Companies collecting your information must inform you of what categories of data will be collected prior to or at the point of collection. They must also inform you if anything changes to their collection categories.
- Mandated opt-in before sale of children’s information (under the age of 16).
- The right to know the categories of third parties that your information may be shared with.
- The right to know the sources of information from whom your data was acquired.
- Finally, websites/businesses must disclose the purpose of collecting your information.
How to Implement
Companies spent thousands preparing for the GDPR. You can be ready for the CCPA in just a few weeks by focusing on 5 key requirements:
- Implement a consumer portal so that users can request to access, delete, or revise their personal information and opt out of its sale.
- Include authentication to ensure you’re communicating with the correct users.
- Streamline your workflow to resolve customer requests within 30 days.
- Track downstream data with vendors and partners.
- Securely provide information to consumers to avoid a data breach and enforce transparency.
Sevaa Group uses best practices when it comes to DevSecOps, and we want to promote user privacy and transparency. Whether you’re looking to do a complete overhaul of your processes or simply add a new portal in the footer of your website, we can help you get ready for the new policy and the new year!