CCPA for your website
The CCPA applies to the companies doing business in California if at least one of the following requirement is met:
- minimum annual revenue constitutes $25 million;
- process personal data of 50,000 or more persons;
- at least 50% of revenue is generated by selling personal data.
The CCPA covers the following data: name, username, password, phone number and physical address, etc. This also includes information used by companies to track user behavior on the Internet, such as IP addresses and device identifiers.
The law also applies to the data that designates users by their race, religion, marital status, sexual orientation, and military status. The CCPA also covers biometric information, such as fingerprints or face recognition data, browser history, and location information.
Companies have the right to use the data from open government sources, for example, to find out whether users are married. This data is excluded from the scope of the CCPA. However, this only works if the data is obtained directly from government sources, and not from user accounts on social networks.
Companies are required to notify consumers about their rights under the CCPA, including the right to delete, the right to information, and how to exercise these rights. Ways to communicate: privacy policies, CCPA notifications on the website, or while collecting personal information. Companies’ privacy policies must specify how the collected data is used.
Responding to customer requests
Companies are required to respond to user requests regarding personal information within 45 days. To do this, companies must develop well-functioning user data processing support mechanisms. Date the information collected as the user has the right to request the information about the processing of their data from up to a year ago. Companies are also required to delete consumer personal information upon request, unless retention of the information is required to complete a transaction, for security purposes, or to prevent fraud.