• Skip to main content
  • Skip to footer
  • Checkout
  • My Account
  • Access Your Purchases
    • Access Your Templates
    • Access Your Courses

Businessese

Translating the legalese and handling the fine print

  • Home
  • Shop
    • By Business Type
      • Bloggers & Influencers
      • Business Coaches & Consultants
      • Business Owners
      • Copywriters
      • Freelance Content Creators
      • Graphic & Website Designers
      • Health Coaches
      • Pharmacist Consultants
      • Registered Dietitians
      • Service Business Owners
      • Social Media Managers
      • Virtual Assistants & OBMs
    • By Business Activity
      • Adding a Lead Magnet
      • Building a Membership Site
      • Building a Website
      • Hiring Team Members
      • Marketing on Instagram
      • Monetizing a Blog
      • Protect Your Content
    • By Document Type
      • All Legal Templates
      • Client Agreements
      • Website Policies
      • Independent Contractor Agreements
      • Nondisclosure Agreement
      • Likeness Release
      • Sponsorship Contract
      • Everything Else
  • Podcast
  • Blog
  • About Businessese
    • License Our Forms
    • Affiliate Program
      • Affiliate Area
  • Subscribe
  • Contact
  • Login
    • Access Your Templates
    • Access Your Courses

By Businessese

CCPA Guide for Bloggers and Influencers

In terms of data, if 2018 was the year of GDPR, 2019 has become the year of CCPA. This guide aims to break down what bloggers and influencers need to know about CCPA compliance.

What Is CCPA?

CCPA is the California Consumer Privacy Act. While they are not identical, think of it as similar to GDPR, but for residents of California. The goal of the act is to give California residents greater control over the sale of their data.

The law passed in 2018 and has gone through an amendment period that lasted until the fall of 2019. Businesses have until January 1, 2020 to become compliant.

Note: If you are already GDPR-compliant, that doesn't mean that you are CCPA-compliant. They are similar, but not identical, so make sure you know if CCPA applies to your business and what changes you may need to make.

Who Must Comply with CCPA?

First, remember, even if you are not located in California, you may still need to be CCPA-compliant.

To determine if you need to be compliant, you have to apply the CCPA definition of “business” to your business, which states:

“Business” means:

A sole proprietorship, partnership, limited liability company, corporation, association, or other legal entity that is organized or operated for the profit or financial benefit of its shareholders or other owners, that collects consumer's personal information, or on the behalf of which such information is collected and that alone, or jointly with others, determines the purposes and means of the processing of consumers' personal information, that does business in the State of California, and that satisfies one or more of the following thresholds:

(A) Has annual gross revenues in excess of twenty-five million dollars ($25,000,000)…

(B) Alone or in combination, annually buys, receives for the business's commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households or devices.

(C) Derives 50 percent or more of its annual revenues from selling consumers' personal information.

If you have a website, you likely meet the first paragraph. Most websites are capturing personal information under the definitions provided in the act. This means you need to determine if you need to comply under the thresholds presented.

Most bloggers and influencers likely don't qualify under A or C, so that leaves us with Section B. To determine if you qualify, you will need to consider your traffic and the visitors to your website.

Do you have more than 50,000 visitors from California in a year? If you aren't sure, check Google Analytics. Here's how to check:

  1. Click on Audience
  2. Click on Overview
  3. In the top right, enter a date range for the past twelve months
  4. Scroll down to the demographics section
  5. Click on Country
  6. Click on United States
  7. Look at your sessions and users from California

If you've had more than 50,000 or you are very close to that threshold, then you need to consider if you are buying, receiving for your business's commercial purposes, selling, or sharing for commercial purposes, the personal information of these California residents.

For example, if you are:

  • Using certain personalized display ads;
  • Using the Facebook pixel; or,
  • Using certain analytics.*

Then you likely need to ensure you are CCPA-compliant.

*Please note, this list is not exhaustive, so you will need to consider your business on an individual basis.

Am I Really Selling Their Information?

If you are reading this and thinking, wait, I am not selling anyone's information, this doesn't matter – keep reading. It's important to note that the legislation has a very broad definition of what constitutes selling or a sale. It means:

“selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration.”

Because of how broadly the statute was drafted, even things you wouldn't normally think of as a “sale” may fall under the definition.

Service Provider Exception

There is a narrow exception carved out for Service Providers, which may process your business's information on your behalf and do not share it with any other third parties. An example of this may be your email service provider or a course platform, like Kajabi or Thinkific.

Check with the vendors you work with to determine if they are a Service Provider under CCPA.

How to Comply with CCPA?

1. You Must Offer Certain Rights to California Residents

Right to Access

Under CCPA, California residents may submit a verifiable consumer request to access the personal information you have collected about them in the past 12 months. You have 45 days after the submission of the request to disclose:

  • The categories of personal information you collected;
  • The categories of personal information you sold;
  • The categories of any third parties to whom you have sold their personal information;
  • A list of which categories of their personal information you sold to each party; and,
  • The categories of their personal information you disclose for business purposes.

Right to Delete

Additionally, a California resident may submit a verifiable consumer request to delete their personal information.

Right to Non-Discrimination

CCPA also includes a right of non-discrimination, which means that you cannot:

  • deny goods or services;
  • charge different prices; or
  • provide a different level of quality of goods or services

if someone exercises their rights.

2. You Must Have a Way for California Residents to Exercise Their Rights

You must provide an email address for someone to exercise their rights. If you have a physical location, you must also have a toll-free number.

3. Update Your Privacy Policy

You need to update your privacy policy to include:

  • a description of the consumer's rights under CCPA;
  • a list of the categories of personal information it collects, based upon the categories listed in the legislation, and how the information is disclosed/sold.

You can purchase a CCPA-compliant privacy policy in the Businessese Store.

(If you have purchased in the past, an updated version will be sent to you.)

4. Page to Opt-Out

If you do sell personal information, you will need a page on your site that allows users to opt-out of the sale of their information. You will need to link this page in your privacy policy and on your home page.

What Happens if You Don't Comply?

If you don't comply, it could result in notices from the State of California and in fines.

Next Steps

  1. Determine if you qualify as a business under CCPA and whether or not you have to comply;
  2. Update your privacy policy;
  3. Determine how you will give California consumers the ability to opt-out of the sale of their data. Depending on your website, you may want to explore plugins. Like with GDPR, there are a few available now and they will only continue to improve.

As always, if you are not comfortable making the determination yourself about CCPA compliance or you are not comfortable using a DIY template, make sure you contact a lawyer for assistance.

Are We Going to Have to Do This Again Next Year?

I really wish I could tell you no, but we anticipate additional updates in the next few years as it relates to privacy and data. Nevada has already passed a more limited data law. (Don't worry, our privacy policy has also been updated for that.) Many other states have pending legislation. There have been bills introduced on a national level. Ideally, one of these bills will pass so that all states are consistent.

Subscribe to our newsletter to stay updated on the latest developments.

Share this post:

Share on FacebookShare on PinterestShare on TwitterShare on LinkedIn

Filed Under: Legal Tagged With: privacy policy

Footer

Let’s Connect

  • Facebook
  • Instagram
  • LinkedIn
  • Pinterest

© Copyright 2021 · Businessese · All Rights Reserved ·Terms of Service and Privacy Policy ·Affiliate Program Terms ·Accessibility Statement

 

The only system you’ll need for maximizing your sponsored post income.

Learn more and join the course here

 

Everything you need to create campaign closing reports that WOW your clients.

Learn more and join the course here

 

Register for The Webinar!

Grab your spot! Seats are limited!
 

Full name*
Email*

 

 

Register for The Webinar!

Grab your spot! Seats are limited!

Full name*
Email*

Register for The Webinar!

Grab your spot! Seats are limited!

Full name*
Email*

Register for The Webinar!

Grab your spot! Seats are limited!

Full name*
Email*

Register for The Webinar!

Grab your spot! Seats are limited!

 

Full name*
Email*