As you may know, the new CCPA (California Consumer Privacy Act) bill goes into effect January 1, 2020. The law applies to any for-profit entity doing business in California or collecting personal information about California consumers that meet any of the following criteria.
- Annual gross revenue exceeding $25 million,
- Buys, sells, receives, or shares personal information for commercial purposes from at least 50,000 California consumers, households, or devices per year,
- Or derives at least 50% annual revenue from selling California consumers’ personal information.
Enforcement of the bill by the California Attorney General begins on July 1, 2020.
If you’re affected by CCPA (and even if you’re not as some of these measures are simply good practices), there are some relatively straightforward measures you can take to update your site. We encourage you, of course, to consult with your legal counsel to ensure that your approach meets requirements from a legal perspective, but here are a few things to consider.
1. Data Access and Deletion Request Form
You’ll need to offer your site visitors a way to request and/or delete data you’ve collected on them within the prior 12 months. You can do this via a simple email link or form.
2. Data Sale Opt-Out Form
4. IP Address Anonymization
Google Analytics can be configured to anonymize IP addresses, which masks the specific details of the user’s location and prevents the collection of what could be considered ‘personally identifiable information’. There are a few other configurations that need to be checked as well, but generally speaking, IP anonymization allows you to continue monitoring site usage without involving PII data.
There are other considerations that might be specific to your organization as well, but these are the common denominator topics. We understand this is a topic that can seem overwhelming, but if you feel you’re affected by CCPA and want to talk through options, let us know. We’re here to help!