
CCPA privacy policy language: A guide for compliance

Learn how to craft CCPA-compliant privacy policy language that informs and empowers consumers while ensuring your business meets California privacy standards.
Read time
5 min read
Last updated
October 31, 2024

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are landmark data privacy laws that grant consumers control over personal information collected by businesses. To comply with CCPA, businesses must ensure their privacy policy language is clear, accessible, and compliant with specific regulations.

Understanding CCPA privacy policy language requirements

One requirement under the CCPA is to update your website’s privacy policy to include details of the rights afforded by the law, a description of the data access and deletion processes, and a list of all categories of personal information collected, used, and sold by the business, among others.

These must be written in plain English and formatted in readable text that’s easy to navigate.

Why CCPA compliance matters

The CCPA requires companies to provide transparency in data collection practices, ensuring that consumers are informed about their rights. This law enforces crucial rights, including data access, deletion, and opt-out capabilities for consumers, making it essential for businesses operating in California or handling data from California residents to stay compliant.

Read further: California Consumer Privacy Act (CCPA)

What is a privacy policy?

A privacy policy is a written statement that provides information on the online and offline data practices of a business, particularly as they relate to its consumers (i.e. the sources of the data). It describes the collection, use, sale, sharing, or transfer of people’s personal information.

Under the CCPA, personal information refers to any information that identifies, relates to, or in any way links to a California consumer or household. This includes, but is not limited to, basic information, non-commercial data, and insights gathered from user activity and preferences.

For full compliance, the privacy policy must also be user-friendly, written in clear language, and easily accessible on the business’s website.


Extract from a CCPA-compliant privacy policy

Key elements of CCPA-compliant privacy policy language

What do I need to include in my privacy policy?

A CCPA privacy policy is required to disclose the rights established by the data privacy law and explain how a consumer can exercise their rights under the law. It should be outlined in plain, readable text that is easy to navigate, and it must be linked to visible areas of your website.

Read more: Who does the CCPA apply to?

To meet CCPA requirements, your privacy policy must clearly outline the following:

1. CCPA consumer rights

Your privacy policy must inform consumers of their rights under the CCPA, namely:

  • The right to non-discrimination for exercising rights under the CCPA

2. Requesting data access and deletion

Consumers must be given the option to access their data, so your privacy policy should include instructions on how they can submit a CCPA data subject access request. In the same way, under the CCPA right to deletion, it should give consumers a way to have the personal information collected from them deleted.

This usually means operating a toll-free number or email address that consumers can use to submit data access and deletion requests.


Example of a “Do Not Sell My Personal Information” page

3. “Do Not Sell My Personal Information” page

The CCPA requires businesses that sell consumer data to third parties, or give third parties access to it, to provide a dedicated web page where consumers can opt out of the sale of their personal information.

This page, called the Do Not Sell My Personal Information page, must be linked to both your privacy policy and website homepage.

4. Details of personal information collected, used, or sold

Your privacy policy must make your data practices transparent, from collection to sale. It must list all categories of personal information collected, the sources of these data, and the purpose for collecting them.

Your privacy policy should also disclose how and to whom personal information is shared, exchanged, transferred, or sold, especially if it’s done for profit.


Why your privacy policy needs CCPA-compliant language

All businesses that do business in California or with California consumers must comply with the CCPA and, consequently, create or update their privacy policy according to the requirements of the law.

Although not all businesses fall under the jurisdiction of the CCPA, businesses are encouraged to adopt the law in their data practices. With other data privacy laws such as the General Data Protection Regulation (GDPR) already in place, it won’t be long until more local and international markets work to secure consumers’ rights to their data privacy.

Read more: CCPA vs GDPR: What's the difference?

Example of effective CCPA-compliant privacy language

Homegrown compliance solutions are challenging to scale in the face of sprawling privacy regulations. Following the establishment of new locations in the United States, Good Smile Company needed to consider a new time-sensitive requirement: complying with local data privacy regulations, including CCPA/CPRA compliance in California.

“We needed to move from homegrown compliance to scalable, future-proof privacy tech. Ketch is a great solution for us. Today we’re complying with privacy regulations and respecting people’s privacy choices in every data system.”

Taylor Locke, Director of IT, Good Smile Company

Read the full case study: Good Smile Company achieves CCPA/CPRA readiness with Ketch

Conclusion

The CCPA requires your website’s privacy policy to include the provisions of this legislation so that consumers are informed of the control they now have over their personal information. Visitors to your website must also be given any necessary instructions on how to avail themselves of those rights.

Go further: How to choose the best CCPA compliance software for your brand

Published
November 8, 2021