How to Make Your Website CCPA-Compliant

Hey 👋, creator!

Do you have a website 💻?

If so, it’s imperative that you learn about the new California Consumer Privacy Act (CCPA), which went into effect on January 1st, 2020.

Why 🤔?

Well, if you violate the act, you could be liable for up to hundreds of thousands of dollars 💸 in fines and penalties.

Plus, you could lose your YouTube account and your social media accounts, potentially leaving you in financial ruin 📉.

Have I caught your attention 👀 yet?

Good. 👍

 What really is the CCPA?

Outlined over a whopping 18 pages 📖, the California Consumer Privacy Act was passed in 2018 with the purpose of protecting 🛡️ California residents and their personal information online 🌐.

The CCPA contains various rules about data collection and how and when this information can be shared and sold 💲.

But hold on! 🛑

Even if you don’t live in California, you will be affected by this law via any viewers, listeners 👂, or fans of yours who do.

 Why the CCPA?

The CCPA was passed because the government 🏛️ believes that people have the right to control how their personal information is used and shared online. Furthermore, they want to stop businesses from taking this personal information without permission and using it for monetary 💰 purposes.

Before the CCPA was passed, there was really no law that helped people control their personal information and provided penalties for businesses that took it without their permission. As a result, there were a lot of financial 🏦 crimes committed.

Identity theft 💳, harassment, and fraud are just a few examples of the financial crimes that plagued the Internet.

Another instance was the Cambridge Analytica scandal in which Facebook allowed a researcher to access the data of 87 million people 👥.

At the time, the researcher claimed to be using this data for academic ✍️ purposes, but in reality he sold it to Cambridge Analytica, who then used the information to bribe and blackmail politicians 🗳️ in the 2016 race.

The worst part? No one was even sued or sent to jail 😨 for this.

In response, the CCPA was created to give people the right to know what personal information any business takes from them, how they take it, where they take it, and why.

Additionally, all businesses under the CCPA must disclose the types of personal information they collect from people online and allow those people to access, delete 🗑️, or opt out of the sales of their personal information.

Finally, the CCPA prevents businesses from discriminating against consumers who want to use their services without having their information sold. 

The key 🔑 point to know about the CCPA is that it’s liberally constructed. This means that if there is any question or confusion about how the law applies, then the business (that means you, creator) does not get the benefit of the doubt – the consumer does.

My take

Okay, so that sounds kind of scary 👹, but I think the CCPA is a good thing.

It’s important to give people control of their personal information online; you might be surprised by how much personal information we transmit when we use Facebook, Google, or Amazon, for example.

However, the biggest question out there is whether or not the CCPA applies to you, the social media creator.

So… does it?

The quick and easy answer to that question is yes.

If you have any viewers who live in California – even one ☝️! – then the CCPA does apply to you given that your website requests personal information such as an email address or a name.

Even if your website doesn’t directly request this information, you could still be subject to the CCPA if your website uses web cookies 🍪. (Okay, not chocolate chip.)

How to know if your website uses cookies

I didn’t know whether or not my website, iancorzine.com, used web cookies, so I did a search and found this online tool called cookieserve.com.

When you visit this website, you enter your site’s URL 🔗 to find whether or not there are cookies working on your site.

I couldn’t believe it – when I entered my URL, I saw dozens and dozens of cookies that collect my clients’ personal information 😮!

I was pretty shocked by this because when I was creating my website, I had no idea that YouTube, Amazon, and other big sites were adding cookies to it; so I have a feeling when you test your site you’ll be surprised, too.

Back to the point: complying with the CCPA

We know that if you have Californians using your site or viewing your social media, you need to comply with the CCPA; however, this is only the case if your website pulls 137 or more pieces of personal information per day. 

If you do any personal research on the law, you may find claims that the CCPA only applies to larger online businesses, such as those that make over $25 million a year in gross #revenue or derive 50% or more of their income from #trading ➡️ user data.

However, the law also applies to businesses that touch 50,000 pieces of consumer data per year 🗓️, so if you do a lot of business on your website, then you need to be concerned about the CCPA. Also, keep in mind that the CCPA applies to social media accounts like YouTube, #Instagram, and #Facebook.

The reality is that these privacy laws are not going away, and they’re going to get even more stringent as time goes on.

Even if, based on what I’ve explained, the CCPA does not seem to apply to you, I still recommend paying close attention to it, as many states are passing 🆗 similar laws.

Plus, the federal government has recently introduced a bill 📜 called the Consumer Online Privacy Rights Act, which has similar requirements to the CCPA and may be passed within the next couple of years.

Any laws passed by the federal government could also potentially lower the thresholds that merit applicability; for example, soon maybe 10,000 touches of personal information will be all it takes to make you accountable for these privacy laws. 

All in all, you should get prepared right now, because if you don’t, you might be facing some big penalties 💵 pretty soon.

Penalties for non-compliance

Complying with the CCPA is no small task; in fact, it reminds me of the Online Protection Act California passed in 2003, which required a lot of changes to a ton of websites.

But what happens if you don’t have the money to comply with the CCPA? 

I hate to say this, but if you can’t comply with the CCPA, then you’re going to get sued 🤷‍♂️.

There are two ✌️ different groups of people that could initiate a civil action against you for violations of the CCPA.

👤 Consumer

Actual people in California who are affected by a #breach of their personal information after using your website are eligible to sue you.

In order to do so, they must first give you notice of this breach and an explanation of what happened within 30 days 📅.

If you can cure the breach, then you can possibly save yourself the lawsuit. Otherwise, the individual can bring a civil action against you to recover damages between $100 and $750 per privacy violation.

👤 The Attorney General

The Attorney General of California can bring a civil action after the 30-day notice period and recover $2,500 per unintentional privacy violation or $7,500 per violation with evidence that you intentionally violated the CCPA.

Basically, if you violate the CCPA and you can’t comply, it could result in your financial ruin. 

What to do now

Thankfully, all the big companies like Google, Facebook, and Amazon have done the hard work for you; they are now compliant with the CCPA 🙌.

Therefore, you don’t need to take additional action if you only have these social media accounts.

However, if you do have a website, you’ve got to be concerned. 

Take it from me: There are #litigators out there, especially in California, who want to bring suits 💼 to any and all instances of CCPA non-compliance.

So what do you do if you have a website that serves Californian customers and is not yet CCPA compliant?

Based on my deep-dive of the CCPA and its regulations, I’ve found the path 🛣️ to compliance for the CCPA.

Here are the four things you can do to comply:

1. Write a privacy policy 📝

You need to disclose on your website what personal information you collect, how you get it, and for what purposes you use that information.

There are some more detailed requirements about notice and disclosure within the law, so I encourage you to actually read it 👨‍💻. I know the CCPA is a long piece of legislation, but it’s imperative that you’re familiar with how it works.

I also recommend that you consult your local social media lawyer to better understand how the CCPA specifically applies to your website.

2. Update your security #software ⚙️

Invest in quality security software and good security #protocols for how you handle your customers’ personal information.

Keep in mind that the real focus of this law is protecting consumers against personal information breaches; so, you have to create some rules for how this information will be protected ⚔️.

Make sure your security software prevents hacking and that your customers’ data is thoroughly safeguarded 💂‍♂️.

3. Give people access 🚪 to their own information

Create links that allow people to request access to and deletion of their information, as well as the ability to opt out of the sale of that information.

Additionally, you should have an opt-in link that allows anyone aged 13-16 👧 to opt into the selling or the sharing of their personal information.

One of the most common forms of these links includes “Do not 🙅‍♀️ sell my personal information” buttons 🔘 that users can click to visit another page and read CCPA disclosures and make various requests to the website owner.

Be sure to keep records of anyone who makes such requests to support your case should a lawyer have to investigate 🕵️‍♀️ accusations of noncompliance on your end.


4. Obtain a new contract clause 📋 for vendors

Let’s say you’re going to hold an event in Los Angeles, so you request the personal information of any potential attendees. However, you use a vendor to reach out and invite ✉️ these individuals.

In this case, you will require a written contract between you and the vendor that outlines the various requirements and disclosure requirements for the CCPA. The contract must also have one specific term that binds the vendor, as your representative, to compliance with the CCPA.

For a FREE checklist with all of the CCPA requirements, text 📱 CCPA to (213)-340-3302.

If you find yourself in need of a new CCPA-Compliant Privacy Policy, an opt-out template, or new language for vendor contracts, feel free to contact me and set up an online consultation at iancorzine.com.

Creator, I know it’s tempting to act as if the CCPA doesn’t apply to you, but I encourage you to follow the law because, unfortunately, it’s not going away. 

Eventually, we’ll all have to follow these new privacy rules, so why not start now? The penalty for violating the CCPA is too great to take that risk.