ARI Responsive Websites

FAQ - The California Consumer Privacy Act (CCPA)

Owned by Sam Carlson (Deactivated)
Last updated: Dec 29, 2019
2 min read

The California Consumer Privacy Act (CCPA) is a new privacy law concerning online businesses and California residents. It goes into effect on January 1, 2020, with the enforcement of the law set to begin on July 1, 2020.

What is CCPA?

The state of California passed the California Consumer Privacy Act (CCPA) on June 20, 2018. It is the first comprehensive online privacy law implemented in United States. It provides privacy rights specifically to residents of California. Companies that must comply with the CCPA are obligated to…

  • Provide disclosures to consumers, and

  • To adhere to requests from California consumers to have their collected personal information…

    • …excluded from sale to third parties, and/or

    • …deleted, and/or

    • …provided back to them

Does my business need to comply with CCPA?

The law applies to companies that do business with consumers in California, if the company meets any one of the following criteria:

  1. Gross annual revenue of more than $25 million, or

  2. Derive 50% or more of its annual revenue from the sale of consumer personal information, or

  3. Buys, sells, or shares the personal information of more than 50,000 consumers

When does the law go into effect?

The CCPA goes into effect on January 1, 2020. However, enforcement by the Attorney General (AG) of California will not begin until July 1, 2020.

What happens when a consumer makes a data request?

When a customer on your website submits a request to have their data provided to them, removed, or to not be sold to third parties, ARI Network Services will be notified. We will work with you to verify and comply with the consumer request. Enforcement begins on July 1, 2020, and requests must be answered within 45 days after the law goes into effect. 

I need to comply with CCPA. What changes will I see on my website?

If your business must comply with CCPA, the following updates should be made to your website:

  1. Privacy Policy: Your Privacy Policy page content will change, to reference the law and the consumer rights

  2. Home Page Link: Website users with a California IP address will see a CTA button labeled “Do Not Sell My Information” at the bottom of your home page.

  3. Do Not Sell My Information: The CTA button links to a new page titled “Do Not Sell My Information”. This page has content that explains their rights under the CCPA, as well as a web form.

  4. Consumer Data Request Form: This web form resides on the “Do Not Sell My Information“ page. It’s purpose is to allow California residents to make a request regarding any personal data that they have shared with your business.

When a data request is made by a consumer, both you and ARI Network Services will be notified. We will contact you and work with you to handle the data request.

What data is categorized as “personal information”?

Personal information is data relating to an identified or identifiable person. Examples of personal data include:

  • Name

  • Home address

  • Work address

  • Telephone number

  • Mobile number

  • Email address

  • Passport number

  • National ID card

  • Social Security Number (or equivalent)

  • Driver's license

  • Physical, physiological, or genetic information

  • Medical information

  • Cultural identity

  • Finance

  • Bank details / account numbers

  • Tax file number

  • Credit/Debit card numbers

  • Social media posts

  • Location / GPS data

  • Cookies