If you’re an eCommerce business owner and have customers in California, meet the CCPA, the California Consumer Privacy Act. It came into existence in January 2020. Here’s our compliance summary for eCommerce store owners.
What is CCPA?
CCPA stands for California Consumer Privacy Act 2020. California is known as the first state to pass a data breach notification law, so it didn’t come as a surprise when the CCPA was accepted in June 2018. It goes without saying that the law is comprehensive. It is targeted at companies that collect or store personal information. The main goal of the law is to enshrine personal data rights for Californians, referred to by the privacy law as consumers. For now, it’s only about California, but it is expected to expand by 2021 and to become the undeniable national standard for the whole country.
These are the rights CCPA has empowered consumers with:
By Personal Information, the CCPA means the consumer’s name, their username and password, cell number, and IP or physical address. It also includes information on education and employment, race, sexual orientation, age, marital status, and even facial recognition data, fingerprints, and more.
Who Does CCPA Apply to?
The California Consumer Privacy Act (CCPA), which took effect in January 2020, applies to companies that do business in the Golden State and collect any personal information of residents. If you’re still in two minds about whether the CCPA applies to your business, have a look at the following statements:
- You earn $25 million annually
- You collect, exchange, share or sell personal data of 50,000 or more residents of California, households or devices annually
- You “Derive 50 percent or more of its annual revenue from selling consumers’ personal information.”
CCPA vs GDPR
Do these two much-discussed laws differ? Or do they have any similarities? First, let us remind you of what GDPR is. GDPR stands for General Data Protection Regulation, and it is designed to empower people’s privacy rights and limit the collection and processing of personal information by companies. The law has been in effect since May 2018. It covers only companies that work with EU data, whether or not they are established in the European Union, whereas the CCPA gives Californian consumers control over their personal information.
It’s too early to make any predictions about the CCPA and how it will influence the world, but here are some statistics based on GDPR:
The striking difference is that prior consent is exclusive to the GDPR. According to the CCPA, a company doesn’t ask for prior user consent before collecting or processing their personal data. The good news is that if you’re GDPR compliant, only slight changes will be needed to comply with the California Consumer Privacy Act.
Consumer data privacy has always been a hot topic for discussion, especially for those who run an eCommerce business. But this year the CCPA has made quite a stir in the world of eCommerce. And taking into consideration the fearsome GDPR statistics, the CCPA is something you should worry about. If you do not, you’re in danger not only of being penalized, but also of damaging your brand reputation and customer trust. And this is, obviously, the worst-case scenario.
Here’s What Will Help Your E-Commerce Business to Comply With the CCPA
- Take time to understand which regulations apply to your business. Do some research or consult your lawyer.
- Review and update your Privacy Policies on why, how, and what kind of personal data you store and process. There should be a clear explanation of customer rights concerning the CCPA.
- Post information on how your customers can request access to their data, and alter or delete what has been collected.
- Keep a record of requests and your replies for 24 months.
- State any financial incentives you grant for sharing personal data (e.g., providing a customer with a coupon in exchange for an email).
- Put a clear statement like, “Do not sell my personal data” on your e-store home page. That will mean that you don’t exchange or sell the customers’ data to any third party.
- Strengthen your security software to prevent data breaches.
Last but not least, if you’re planning to use software to catch and solve business problems quicker, you’d better go with top-notch tools. Take Magento extensions. If you own an eCommerce store and use a third-party extensions vendor for Magento 2, please stick to those that can make a quick update. Like here.
MageWorx, a pioneer in Magento development services, a Select Magento Partner, was quick to react and made all the changes without any delay. The point is, place your trust only in those companies that are empirically experienced in what they do.
Even if complying with the CCPA means an additional cost, believe us, remaining secure and robust will definitely cost a whole lot less than being fined or repairing a company’s reputation. The right inventory will protect your retail business under new data privacy laws like the CCPA if any changes occur.
It looks like the CCPA and the GDPR are just the beginning of a journey into the world of data regulation laws. And the stringent rules of compliance might be a threat to plenty of eCommerce businesses, if not followed.
Even if the CCPA feels like a burden to your eCommerce business now, don’t take the “wait and see” approach in case something changes. Think of the CCPA as a priceless opportunity to deliver a leading-edge customer experience. Customer privacy has always been paramount, but now it matters more than ever. That’s why it’s vital to encrypt any data and implement compliance requirements. By meeting all the data regulations, you not only safeguard yourself against fines but also provide world-class service to your customers.