The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are landmark data privacy laws that grant consumers control over personal information collected by businesses. To comply with CCPA, businesses must ensure their privacy policy language is clear, accessible, and compliant with specific regulations.
One requirement under the CCPA is to update your website’s privacy policy to include details of the rights afforded by the law, a description of the data access and deletion processes, and a list of all categories of personal information collected, used, and sold by the business, among others.
These must be written in plain English and formatted in readable text that’s easy to navigate.
The CCPA requires companies to provide transparency in data collection practices, ensuring that consumers are informed about their rights. This law enforces crucial rights, including data access, deletion, and opt-out capabilities for consumers, making it essential for businesses operating in California or handling data from California residents to stay compliant.
A privacy policy is a written statement that provides information on the online and offline data practices of a business, particularly as they relate to its consumers (i.e. the sources of the data). It describes the collection, use, sale, sharing, or transfer of people’s personal information.
Under the CCPA, personal information refers to any information that identifies, relates to, or in any way links to a California consumer or household. This includes, but is not limited to, basic information, non-commercial data, and insights gathered from user activity and preferences.
For full compliance, the privacy policy must also be user-friendly, written in clear language, and easily accessible on the business’s website.
A CCPA privacy policy is required to disclose the rights established by the data privacy law and explain how a consumer can exercise their rights under the law. It should be outlined in plain, readable text that is easy to navigate, and it must be linked to visible areas of your website.
To meet CCPA requirements, your privacy policy must clearly outline the following:
Your privacy policy must inform consumers of their rights under the CCPA, namely:
Consumers must be given the option to access their data, so your privacy policy should include instructions on how they can submit a CCPA data subject access request. Likewise, under the CCPA right to deletion, it should give consumers a way to delete the personal information collected from them.
In practice, this usually means operating a toll-free number or email address that consumers can use to submit data access and deletion requests.
The CCPA requires businesses that give third parties access to consumer data, or sell it to them, to provide a dedicated web page where consumers can opt out of the sale of their personal information.
This page, called the Do Not Sell My Personal Information page, must be linked to both your privacy policy and website homepage.
Your privacy policy must make your data practices transparent, from collection to sale. It must list all categories of personal information collected, the sources of these data, and the purpose for collecting them.
Your privacy policy should also disclose how and to whom personal information is shared, exchanged, transferred, or sold, especially if it’s done for profit.
All businesses that do business in California or with California consumers must comply with the CCPA and, consequently, create or update their privacy policy according to the requirements of the law.
Although not all businesses fall under the jurisdiction of the CCPA, businesses are encouraged to adopt the law in their data practices. With other data privacy laws such as the General Data Protection Regulation (GDPR) already in place, it won’t be long until more local and international markets work to secure consumers’ rights to their data privacy.
Homegrown compliance solutions are challenging to scale in the face of sprawling privacy regulations. Following the establishment of new locations in the United States, Good Smile Company needed to consider a new time-sensitive requirement: complying with local data privacy regulations, including CCPA/CPRA compliance in California.
“We needed to move from homegrown compliance to scalable, future-proof privacy tech. Ketch is a great solution for us. Today we’re complying with privacy regulations and respecting people’s privacy choices in every data system.”
Taylor Locke, Director of IT, Good Smile Company
The CCPA requires your website’s privacy policy to include the provisions of this legislation so that consumers are informed of the control they now have over their personal information. Visitors to your website must also be given any necessary instructions on how to avail themselves of those rights.