
Easy-to-Follow CCPA Checklist for Your Website

CCPA stands for the California Consumer Privacy Act, but since you’re here, you probably already know that! California has been leading the way for web privacy requirements as lawmakers find gaps in internet regulations. These new requirements are meant to protect the consumers’ right to choose how their personal information is dispersed.

According to the State of California Department of Justice, privacy rights for individuals include:

  • The right to know about the personal information a business collects about them and how it is used and shared;
  • The right to delete personal information collected from them (with some exceptions);
  • The right to opt-out of the sale of their personal information; and
  • The right to non-discrimination for exercising their CCPA rights.

All for-profit companies are required to comply with CCPA if the business:

  • Has gross revenues that exceed $25 million
  • Receives, processes, or transfers data from over 50,000 Californians annually, or
  • Derives at least 50% of annual revenues from selling personal data belonging to Californians

Here’s a quick checklist to ensure your company website meets CCPA:

1) The Right to Opt Out of Sale: provide a clear and conspicuous “Do Not Sell My Personal Information” link to an opt-out form.

This link is required in your privacy policy, and it is recommended that you also list it elsewhere so it’s easy to find.

2) The Right to Know Personal Information: provide at least two different methods for an individual to ask what personal information of theirs you have collected.

One of those methods must be a toll-free number. If you have a website, one method must be through the website, i.e. a link to an email address or a form. If you operate exclusively online, you are only required to list an email address on your website. Options for receiving requests for personal information include:

  • Toll-free number
  • Email address
  • Website form
  • Hard copy form
  • Downloadable form for print

3) The Right to Delete: designate two ways consumers can request that you delete personal information that you’ve collected about them.

Examples of how you can accept a request to delete:

  • Toll-free number
  • Email address
  • Website form
  • Hard copy form
  • Downloadable form for print

You are not required to provide an online form for this request.

Notice Requirement: notify the individual at or before the point where you collect their personal information.

In the notice, you must list the categories of personal information collected about consumers and why you’re collecting that information. If you sell personal information, then the notice must include a Do Not Sell link.

Examples of where to add notices:

  • In the footer of your website
  • On the website homepage
  • In the website menu
  • In the menu navigation of your app

4) Privacy Policy: include a privacy policy page on your website that states your online practices for collecting, using, sharing and selling personal information. You must also list how a consumer can exercise their right to know, the right to delete, the right to opt-out of sale and the right to non-discrimination.

If your business is required to follow CCPA guidelines, reach out to VGM Forbin for help! We build websites that not only meet CCPA, but also General Data Protection Regulation (GDPR), Web Content Accessibility Guidelines (WCAG) and HIPAA.