The CCPA applies to for profit companies that collect or use personal information of consumers and do business in California. Collecting personal information is very broad and includes basic information collected through website analytics such as name, IP address, device information, payment data, etc. If your website can be viewed by anyone, anywhere, then you are “doing business” in California.
Your business must also meet any one of the following for the law to apply:
Have at least $25 million in annual revenue;
Annually possess the personal data of at least 50,000 consumers, households, or devices; or
Earn at least 50% of its annual revenue from selling consumer’s personal data.
While your revenues may not be that large and you don’t sell data, possessing the personal data of 50,000 consumers, households, or devices may happen before you know it. If you collect the IP addresses of every device that visits your website, then you would meet this threshold simply by having 137 new visitors every day, regardless of whether you did any business with these visitors.
And even if you don’t meet those thresholds now, hopefully, your business will grow to meet them soon.
From a 10,000-feet level, CCPA compliance means you need to (1) clearly disclose the what, how, and why of the personal information you obtain, and (2) implement methods to accommodate consumer requests.
You will also need to explain the purpose for collecting the information. Purposes include performing business services, detecting security incidents, marketing, internal research, and quality assurance. If a category of personal information is sold, that must be disclosed, accompanied by the category of the third party that purchased the info. While it may sound daunting, reports suggest a whole new industry will develop to help companies deal with the CCPA.
To adequately respond to requests, you may first need to update your data infrastructure. If the personal information you store is unlinked and located in several places, you will have a hard time locating everything. You should also keep track of any personal information that is stored by a third party service provider at your direction. Your goal should include the ability to single out one customer and easily retrieve all the information you have about them.
You must have two methods for consumers to make requests. One of the two must be a toll-free phone number unless you are solely an online business which means you can rely exclusively on email.
Only California residents have rights under the CCPA. When you receive a request, you will need to verify their identity and residency. You may do this by matching information you have collected about the requester. However, a consumer must not be required to create an account in order to verify their identity.
You have 45 days to respond to a disclosure request. The written disclosure should identify the categories of information collected, the sources of that information, what that information is used for, the category of third parties the information is disclosed to, and any specific information collected about the requesting consumer. If your company sells consumer information, the disclosure should also indicate which categories of personal information are sold to third parties. The information contained in the disclosure only has to cover the preceding 12 months.
If the requester has an account with you, the disclosure should be uploaded to their account. If they do not, you may send them this information via mail or email.
After verifying the identity and residency of a requester, you must immediately take steps to delete their personal information from your system and direct third parties that store personal information on your business’s behalf to do the same. There are exceptions to this right; for instance, if the personal information you have collected is necessary to complete an ongoing transaction between you and the consumer, you do not have to delete the information until the transaction is complete.
Any consumer that opts-out must be exempted from any information sale for 12 months. This will require some a way to keep track of which consumers have opted out of the sale.
After the 12 month period, you may send the opted-out consumer a request to opt-in to the sale of information. Unless they opt-in, you can not start collecting their information to sell. The CCPA also imposes an opt-in requirement for the sale of personal information of minors under 16 years old, regardless of whether they requested the opt-out or not.
You will be notified of any violation and given thirty days to resolve the issue. Failure to resolve the issue may result in a fine of up to $7,500 per violation. If a consumer believes you’ve violated their rights, you have 30 days after notice to resolve it before they may initiate a class action lawsuit.
Looking for answers? You came to the right place. To learn more about our company mission and culture, click the link below.
Swyft Filings charges only $49 + state filing fees to incorporate your business. Filing fees vary from state to state. If you have a question about a specific state, feel free to email or contact us at 877-777-0450.
No. For business filings, you paid the total price for your order at the time you placed it.
However, if you signed up for the Swyft Filings Registered Agent Service, you will be charged for this service when the state grants your company a Certificate of Formation. This recurring fee will be automatically charged to your account for each period the service is active unless you change your Registered Agent with the State or dissolve your company.
Orders are processed as they are received. However, clients that select Express Processing or Same Day Processing will have their orders processed before Standard Processing orders.
Incorporation times vary from state to state. Feel free to contact us by email or at 877-777-0450 for information on specific state processing times.
Each and every one of our customers is assigned a personal Business Specialist. You have their direct phone number and email. Have questions? Just call your personal Business Specialist. No need to wait in a pool of phone calls.
Trusted by over 250,000 businesses since 2015. Start your business with confidence. Affordable. Fast. Simple.