The CCPA applies to for profit companies that collect or use personal information of consumers and do business in California. Collecting personal information is very broad and includes basic information collected through website analytics such as name, IP address, device information, payment data, etc. If your website can be viewed by anyone, anywhere, then you are “doing business” in California.
Your business must also meet any one of the following for the law to apply:
Have at least $25 million in annual revenue;
Annually possess the personal data of at least 50,000 consumers, households, or devices; or
Earn at least 50% of its annual revenue from selling consumer’s personal data.
While your revenues may not be that large and you don’t sell data, possessing the personal data of 50,000 consumers, households, or devices may happen before you know it. If you collect the IP addresses of every device that visits your website, then you would meet this threshold simply by having 137 new visitors every day, regardless of whether you did any business with these visitors.
And even if you don’t meet those thresholds now, hopefully, your business will grow to meet them soon.
From a 10,000-feet level, CCPA compliance means you need to (1) clearly disclose the what, how, and why of the personal information you obtain, and (2) implement methods to accommodate consumer requests.
You will also need to explain the purpose for collecting the information. Purposes include performing business services, detecting security incidents, marketing, internal research, and quality assurance. If a category of personal information is sold, that must be disclosed, accompanied by the category of the third party that purchased the info. While it may sound daunting, reports suggest a whole new industry will develop to help companies deal with the CCPA.
To adequately respond to requests, you may first need to update your data infrastructure. If the personal information you store is unlinked and located in several places, you will have a hard time locating everything. You should also keep track of any personal information that is stored by a third party service provider at your direction. Your goal should include the ability to single out one customer and easily retrieve all the information you have about them.
You must have two methods for consumers to make requests. One of the two must be a toll-free phone number unless you are solely an online business which means you can rely exclusively on email.
Only California residents have rights under the CCPA. When you receive a request, you will need to verify their identity and residency. You may do this by matching information you have collected about the requester. However, a consumer must not be required to create an account in order to verify their identity.
You have 45 days to respond to a disclosure request. The written disclosure should identify the categories of information collected, the sources of that information, what that information is used for, the category of third parties the information is disclosed to, and any specific information collected about the requesting consumer. If your company sells consumer information, the disclosure should also indicate which categories of personal information are sold to third parties. The information contained in the disclosure only has to cover the preceding 12 months.
If the requester has an account with you, the disclosure should be uploaded to their account. If they do not, you may send them this information via mail or email.
After verifying the identity and residency of a requester, you must immediately take steps to delete their personal information from your system and direct third parties that store personal information on your business’s behalf to do the same. There are exceptions to this right; for instance, if the personal information you have collected is necessary to complete an ongoing transaction between you and the consumer, you do not have to delete the information until the transaction is complete.
Any consumer that opts-out must be exempted from any information sale for 12 months. This will require some a way to keep track of which consumers have opted out of the sale.
After the 12 month period, you may send the opted-out consumer a request to opt-in to the sale of information. Unless they opt-in, you can not start collecting their information to sell. The CCPA also imposes an opt-in requirement for the sale of personal information of minors under 16 years old, regardless of whether they requested the opt-out or not.
You will be notified of any violation and given thirty days to resolve the issue. Failure to resolve the issue may result in a fine of up to $7,500 per violation. If a consumer believes you’ve violated their rights, you have 30 days after notice to resolve it before they may initiate a class action lawsuit.
Looking for answers? You came to the right place. To learn more about our company mission and culture, click the link below.
You can form a corporation or LLC with our help for as little as $0, plus state filing fees for incorporation. Filing fees vary depending on the state you incorporate in. For more information on specific states, check out our state guides on the Swyft Resource Center. You can also email us with specific questions or contact us at 877-777-0450.
Swyft Filings accepts payment through Visa, MasterCard, American Express, PayPal, checks, and money orders. You can send any questions about payment to our email address or contact us at 877-777-0450.
It depends on what you ordered. If all you did was file your corporation or LLC, the price you paid when ordering is all you pay. You will have no further fees after that.
However, if you signed up for the Swyft Filings Registered Agent Service, you will be charged its initial fee three days after you place your order. From then on, you will be charged according to the terms of your subscription until you change your registered agent with the state or dissolve your company. If you change your agent or dissolve your company on your own, let us know so we can discontinue billing.
Other potential subscription-based options include SnapMailbox, 360 Legal Forms, and ComplianceGuard. If you opt for SnapMailbox or 360 Legal Forms, you will be charged a monthly fee after their respective 30-day free trials end. ComplianceGuard has an annual fee after a 14-day free trial. All three of these services are completely optional.
Our team processes all Standard orders on a first come, first served basis. If you opt for Express or Same-Day Processing, we prioritize your order and send it to the front of the line. However, no matter how fast we get it out the door, you’ll still have to wait for your state to address your filing.
Each and every one of our customers is assigned a personal Business Specialist. You have their direct phone number and email. Have questions? Just call your personal Business Specialist. No need to wait in a pool of phone calls.
Trusted by over 250,000 businesses since 2015. Start your business with confidence. Affordable. Fast. Simple.