CCPA: What You Need to Know

Do you know who owns your personal data? This question is at the heart of a new law in California that’s set to usher in a new era of consumer data protection. The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020 and will affect many businesses throughout the United States.

What is CCPA?

The CCPA enhances California residents’ privacy rights and consumer protections. It was passed in June 2018 and goes into effect on January 1, 2020. The CCPA is similar to the EU’s GDPR but broadens the definition of personal information to include anything that identifies, relates to, describes, is capable of being associated with, or could be linked to a particular consumer or household.

What’s the goal of CCPA?

The CCPA will give California residents these new privacy rights:

  • The right to know what personal information is collected about them
  • The right to have their personal information deleted
  • The right to opt-out of having their personal information shared with third-parties
  • The right to receive a copy of the collected information for the 12 months prior to the request
  • The right to not be discriminated against for exercising these rights

Who does CCPA affect?

The CCPA applies to businesses that meets any of the following criteria:

  • Collects consumers’ personal information
  • Does business in California, including e-commerce
  • Meets any of these thresholds:
    • Has gross annual revenues of more than $25 million
    • Buys, receives, or sells the personal information of 50,000 or more consumers, households, or devices
    • Receives 50% or more of annual revenues from selling consumers’ personal information

It’s important to know that the CCPA does not clearly define what “doing business in California” means and if it applies to businesses that don’t have a physical presence in California so its important to consult a legal professional to see if your business is affected.

How do I stay compliant?

To comply with the CCPA, home builders should start with the following:

  • Disclosure before collection: Home builders must disclose what information is collected, sold, or shared and how their data will be used. This disclosure must happen before or at the time of data collection. This means you can’t use the collected information for something else that wasn’t initially disclosed.
  • Accept and Process consumer requests: home builders must create procedures to respond to consumer requests to opt-out, know, and delete personal information. For opt-out requests, a “Do Not Sell My Info” link on their website or mobile app must be provided. Builders must also respond to these requests within a specific timeframe.
  • Revise privacy policies and update annually: The privacy policy must include the following:
    • Description of the new rights afforded to California residents
    • Description of how to submit a personal information or deletion request
    • An opt-out page on the website
    • List of categories of personal information that has been collected in the past 12 months
    • Sources of each category of personal information
    • The purpose of the collected information
    • List of categories of personal information that has been sold in the past 12 months
    • List of categories of personal information that has been disclosed for a business purpose in the past 12 months
  • Review third-party contracts: Builders should review their contracts with third-party companies that collect information on their behalf to make sure they are in compliance with the CCPA.

CCPA is just the beginning

The CCPA appears to be the sign of the times, as many states like Massachusetts, Maryland, and Washington D.C. are now considering passing their own privacy and consumer protection laws of their own. Now is the time to take the necessary steps to protect your homebuyers’ data privacy.