The CCPA, which is short for the California Consumer Privacy Act, is a law designed to enhance privacy rights for consumers in California and to encourage transparency regarding how businesses collect and use personal information. Businesses subject to the CCPA are expected to be in compliance with the law by January 1, 2020.
In this article, we will walk you through the basics of the CCPA, including some of the most relevant parts of the law for our Constant Contact customers.
While not an exhaustive summary of the CCPA, or legal advice for your company to use in complying with the law, this article is intended to provide helpful background information on the CCPA to help you better understand the law and how it may apply to your business. You should consult your own legal counsel to determine if you are subject to the requirements of CCPA and for a full understanding of your obligations under the law.
What is Personal Information Under the CCPA?
The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
In short, if information can be traced back to, or is related in some way to, a consumer or household, it is likely to be considered personal information under the CCPA.
Similar to another well-known privacy law, the General Data Protection Regulation (or the “GDPR”), this definition of personal information is very broad. In addition to the kinds of information you might think about as personal information — name, address, email address, financial information, contact information, identification numbers, etc. — personal information can in some cases be information related to an individual’s digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It could also include other types of information about an individual, including information about their physical, mental, social, economic or cultural identities. The CCPA’s definition of personal information also extends to personal information relating to a household, even if it does not identify a specific individual within that household.
Who Has Obligations Under the CCPA?
The CCPA applies to businesses that are doing business in California if they:
- Are for profit (generally speaking, nonprofit organizations do not have to comply with CCPA unless they share branding with, or are controlled or owned by, a for-profit organization);
- Collect and control the processing of California consumers’ personal information;
- Do business in California, or target California consumers; and
- Meet any one of the following conditions:
- Have annual gross revenue in excess of $25 million,
- Annually receive, buy, sell or share personal information of 50,000 or more consumers or households within California, or
- Derive fifty percent or more of their annual revenue from selling personal information.
What rights do consumers have under the CCPA?
The CCPA was passed by California lawmakers to give California consumers more control over their personal information (described above). The law defines a “consumer” as a natural person who is a resident of California and it also applies to California residents who are traveling outside of the state. The CCPA is designed to ensure that consumers have:
- The right to be informed about what personal information is being collected about them, where it was sourced from, what it is being used for and whether their personal information is sold or disclosed;
- The ability to opt out of the sale of their personal information, request access to their personal information, request deletion of their personal information; and
- Protection against discrimination for exercising any of these rights.
Please note that not all of these rights listed above are absolute, and limitations/exceptions may apply in some cases. Businesses are required to provide a method to receive and respond to individual rights requests submitted by California consumers.
What do I need to do to be compliant with the CCPA?
As mentioned above, under the CCPA, consumers can request that businesses do not sell their personal information. The definition of ‘selling’ under the CCPA is very broad and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
To ensure that you are able to honor these requests, it is important for you to understand how you collect and share personal information in all contexts.
If you “sell” personal information as defined by the CCPA, you are required to provide a link that says “Do Not Sell My Personal Information” or “Do Not Sell My Info” on your website’s homepage and within your privacy notice. If a consumer opts -out, you must honor their request and communicate it to third parties with whom you share the consumer’s information. To ensure that you are able to honor these “Do Not Sell” requests, it is important for you to understand how you collect and share personal information in all contexts.
Businesses must also implement processes to respond to verified consumer requests and opt-out requests. Businesses must make at least two methods for submitting requests available to consumers including, at a minimum, a toll-free telephone number and a website address if the business maintains one. Businesses are also required to respond to consumers’ requests within the time limits set out in the CCPA.
How is Constant Contact Helping Me Comply with CCPA?
Constant Contact is dedicated to ensuring that our products allow our customers to comply with their obligations under the CCPA. Where required, we will support you in fulfilling CCPA-related requests that you receive from your contacts.
I’m a customer from California – how can I learn more?
If you are a California consumer and exercise your CCPA rights as a Constant Contact customer, Constant Contact will respond in accordance with our Privacy Notice.
The Constant Contact Privacy Center explains what information we collect about you as a Constant Contact customer and how we handle your personal information. This notice includes descriptions of how your personal information is used by Constant Contact.
How can I access, correct, or export my consumers’ data?
You can view and update a contact’s information on the contact profile page within your Constant Contact account.
Your contacts can also access and update their information and their marketing preferences by clicking the update profile link in the footer of each email that is sent to them by using the Constant Contact service. By default, the update profile form only shows a contact’s email address. If you are storing more information about contacts, you can enable those fields to be visible to contacts as well. Read more about how to customize the update profile form.
You can export your contacts’ data at any time. Follow the link to learn more.
What if You Have More Questions about the CCPA?
If you have specific questions about the assistance we can offer with the CCPA, please contact Support or firstname.lastname@example.org.
You may be aware that the California legislature may further amend the CCPA. Additionally, the California Attorney General must finalize regulations in conjunction with certain provisions in the CCPA. These regulations will not go into effect until after the CCPA’s January 1, 2020 effective date.
Once these new rules are finalized, we will be reviewing our forms and features to provide our customers with the necessary tools to achieve compliance, if needed.
Remember: the information above is meant to guide you through the process of understanding the CCPA and is not a substitute for legal advice. Find more information on the CCPA website.