Privacy Policies Built for CCPA Compliance

by Sarah Harvey / February 26th, 2019

Updating Your Privacy Policy for CCPA Compliance

If 2018 was the year spent anticipating the GDPR enforcement deadline, 2019 will be the year US states begin enforcing their own data privacy laws. While the California Consumer Protection Act (CCPA) isn’t the first US data privacy law to go into effect, it has certainly gained more attention than others. This could be due in large part to its similarities to GDPR, but it could also be because it’s the strictest US data privacy law of our time. And though the CCPA doesn’t go into effect until January 1, 2020, provisions within the law require that businesses provide data collected from up to 12 months prior to the enforcement date, which means that organizations must begin their CCPA compliance efforts now. If you’re a US-based company or have clients located in California, you’ll need to update your privacy policy to ensure compliance with CCPA. Check out these 10 ways that you can accomplish this.

What Should a CCPA-Compliant Privacy Policy Include?

Many of the best practices that organizations are using to comply with GDPR will be effective when beginning to comply with CCPA, but there are some slight differences when meeting the CCPA’s privacy policy requirements. Section 1798.130(b) of the CCPA states the required information that should be provided when personal data is collected from California data subjects, which includes, but is not limited to:

  • A description of consumers’ rights under CCPA
  • A description of the purposes of processing personal information
  • A description of the categories of personal information to be collected
  • A definition of the process for requesting the personal information collected about individuals
  • A description of the right to deletion
  • A description of the right to disclosure