Joomla CCPA Explained: How the New CCPA Law Affects Your Business

Since the 1st of January 2020, a new law has been instituted to protect the privacy & data of California residents. The newly passed bill is called the California Consumer Privacy Act (CCPA).

If you already know about GDPR, then it will probably seem like deja vu when you are reading about the CCPA (California Consumer Privacy Act). As both of them are aimed at protecting the private sensitive information of the masses. It was first introduced on January 3, 2018, and has gone into motion on January 1, 2020.

Here is a short summary of the soon to be implemented CCPA Act.

• Californian users’ right to know what personal information is being collected by the websites they visit
• The right to know whether their personal information is sold or disclosed and to whom it’s been sold/disclosed
• Capability to opt-out from the sale of personal information
• Ability to request the deletion of collected information
• The right to equal service & price, even if they exercise the privacy rights

This is only a short summary of the full California Consumer Privacy Act. There is much to the bill and we recommend that you read the full version.

Which Businesses Need to Address CCPA

You might be wondering if your business needs to comply with the California Consumer Privacy Act. Though it’s a bit of a tricky question, the following requirements seem to be the gist of the CCPA policy. You will find the full document here.

If you are a for-profit company, doing business in California, or with Californians, then the new California Consumer Privacy Act applies to your company if you meet one or more of the following criteria:

• Your business’s annual gross revenue exceeds $25 million ($25,000,000)
• You collect personal data of Californians ranging from 50,000 or more people. Data can be your customers’ basic information, emails, payment details, etc.
• You earn 50% or more of your annual revenue by selling the information of California consumers

Publicly available information is not considered as personal data by CCPA. You can head over to the official CCPA fact sheet for more detailed information. If you’re still unsure if CCPA applies to your business, a qualified attorney should be able to help you answer that question. 

Please note: we are not professional lawyers. This article is for educational purposes and you should always consult with a professional lawyer before implementing CCPA.

Penalty For Not Complying With the CCPA

According to the CCPA law, companies that do not comply with the new act or are caught to violate any of the laws will face penalties. The fines differ for the specific situation it was caught in.

For non-compliance violations of the CCPA act, businesses will be fined $2,500 per customer. And for intentional violations, the fine goes up to $7,500 per person. 

For reference, if a company violates the privacy of 100 Californians, by the non-compliance violation penalty of the law, the business will be fined  ($2,500 X 100) = $250,000. The intentional violation fine goes as high as ($7,500 X 100) = $750,000.

How To Implement CCPA In Your Joomla Site

If you have already implemented GDPR on your website it will be much easier for you to add the new privacy policy & necessary components for the CCPA.

It is advisable that you talk to a professional lawyer before implementing any of the following.

• Before making your website CCPA compatible, you need to first understand what personal information you collect.
• Understand what tools and sources you use to collect the visitors/users’ data.
• Research the analytics tools that you use on your site and how they use the data you share with them.
• Just using a cookie consent banner is not sufficient now. You need to properly define what data will be collected and how you intend to use that information. 
• Opt-out option for all data. Users should have complete ownership of their data. 
• Full ability to stop you from doing anything with the user data that the user doesn’t want you to do at any time.
• Enable users to access, change or remove their personal data that you have collected.
• A concrete method for verifying the identity of a user who is making one of those requests.
• Create a privacy notice that states everything clearly.
• Create/update the privacy policy page with the CCPA laws and reassure the users/visitors that their data is safe.
• Include a checkbox to take consent in accordance with the new law in every available form. Example: Contact form, Payment form, etc.
• Specific consent checkbox on newsletter sign up forms that describe what data is being collected, why and that the user has full control over their information.
• Add an age verification for your users.
• Add an SSL certificate to your website.
• Specify everything in easy to understand, simple language.

Only the basics are covered here and in no way ensured complete CCPA act compatibility for your website.

Getting Ready For The Future

You should start implementing the CCPA right now as the law will go into action from 1st January 2020. The tricky part is even if you don’t do business in California, this law might apply to you when any of your visitors are from California. 

The CCPA law only affects your business (or the parent company/subsidiary), when you meet one of the following:

• Your annual revenue (not profit gross revenue) is more than $25 million 
• Every year, you buy, receive or sell personal data from 50,000 or more California devices, households or residents
• Your business involves receiving and/or selling personal data of 50,000 (+) California devices, residents or households
• 50% of your annual revenue (minimum) comes from selling personal data of California residents 

According to the definition of California Law, a resident is someone who:

• Is in California for something other than a temporary or transitory reason
• Lives in California, even if they’re not currently in the state due to a temporary or transitory reason

You should pay close attention to the new California Privacy law because nine other states have already proposed their own privacy bills. 

Resource You Need

All the above-mentioned pieces of information are just a starting point to get you started with the latest privacy law. We are only aggregating the information and giving you a simple representation. 

• TITLE 1.81.5. California Consumer Privacy Act of 2018 [1798.100 - 1798.199]  ( Title 1.81.5 added by Stats. 2018, Ch. 55, Sec. 3.)
• California Consumer Privacy Act (CCPA) FACT SHEET
• TITLE 11. LAW DIVISION 1. ATTORNEY GENERAL CHAPTER 20. CALIFORNIA CONSUMER PRIVACY ACT REGULATIONS PROPOSED TEXT OF REGULATIONS

These are official documents related to the CCPA law & contains more information. 

You should always research the original documents and talk with a professional lawyer. The above information should be taken as a basic guideline. Implement them by consulting with a privacy expert.