California Consumer Privacy Protection Act of 2018
The CCPA gives California consumers new privacy rights such as the right to know what data businesses collect about them, to obtain a copy of that data, to request that it be deleted and to request that it not be sold. Here’s the official statute and the statute in a Google document where you can ask and answer questions.
How CCPA Toll Free Helps
The CCPA generally requires businesses subject to the law to (1) establish a toll-free number (a privacy hotline) and (2) to provide a Do Not Sell My Personal Information link / interactive web form, in each case to enable consumers to register their privacy preferences . We simplify compliance with this aspect of the law.
Looking for CCPA Resources?
If you’re looking for legal advice or to connect with other services providers we recommend, see our CCPA resources page.
Follow Privacy Best Practices — In No Time!
Did you know more than ten states have bills pending that endorse or require toll-free hotlines and elements of the CCPA? There is no reason to limit your privacy hotline and privacy request manager web for to California consumers. Offer it to everyone before it’s required and differentiate your business as a privacy a leader. You can set up your hotline and interactive web form in minutes.
What Rights Does CCPA Give to Consumers?
CCPA provides consumers with four core rights.
Businesses that “sell” personal information within the meaning of the CCPA must have a link that may be abbreviated “Do Not Sell My Info” in their homepage footers. When a consumer clicks the link, show them a web form or toll free number that accepts opt outs, and when a consumer makes an opt-out request, fulfill it within 10 days. Note this is faster than the 45 days period the CCPA requires for other request types.
The CCPA gives consumers the right to request a copy of the specific data you hold about them. When a consumer exercises this right via a web form or hotline, acknowledge it within 10 days and fulfill it within 45. Include all data under your control, whether located on your infrastructure with a third party like AWS. Share the info securely using tools like Linshare, NextCloud or OwnCloud. Or send the password to an encrypted zip file using a tool like One Time Secret.
The CCPA gives a consumer the right to ask you to delete their personal data. If a consumer makes this request via your toll free privacy hotline or interactive web form, acknowledge the request within 10 days and fulfill it within 45 days. You should delete all information you control that is tied to or relatable to an identified user, but note the CCPA provides many reasons why you are allowed to deny delete requests (e.g., to detect fraud, or for compliance reasons).