The CCPA was enacted into California law with the goal of strengthening consumer privacy rights by limiting access to sensitive consumer data. It applies to most for-profit companies that collect, share, or sell the personal data of California consumers, regardless of business location. You can think of the CCPA as California’s corollary to the European GDPR.
Similar to the GDPR, the act mandates that businesses disclose what information is being collected from consumers, and it gives consumers the right to forbid the sale of their personal data.
Who does the CCPA impact?
A business is subject to the CCPA if one or more of the following is true:
- Has gross annual revenues in excess of $25 million
- Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices (within California)
- Derives 50 percent or more of its annual revenues from selling consumers’ personal information
For clarity, Mutiny would fall into the second category, and would be required to adhere to the CCPA framework, as we may receive personal data of 50,000 or more California residents.
What is the definition of data?
CCPA defines personal data as any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. This law differs from others by including household information in the scope of the definition of personal data.
Personal information may include but is not limited to name, email address, biometric data, IP address, Internet of Things information, geolocation data, professional or employment information, and other information. You can see that there is a lot of overlap between the GDPR and CCPA definitions of data and personal information.
How is Mutiny CCPA compliant?
As with the GDPR, there are many aspects of the CCPA that are relevant for website personalization. Mutiny is compliant through these processes:
- Update the Mutiny Privacy Policy with respect to the CCPA
- Ask visitors if they want to opt in or opt out and systematically respect that decision
- Only use the provided data for the specific purpose (of personalization)
- Do not sell, market, or share California residents’ personal data
- Allow individuals to delete their personal data upon verification of the individual
- Maintain records of data information requests
- Implement and maintain a data inventory
- Implement reasonable security measures to ensure the confidentiality, integrity, and availability of personal data.
Next steps
Learn more about implementing your consent rules for Mutiny here.