HostMonster Web Hosting Help
California Consumer Privacy Act
The CCPA: What You Need to Know and How HostMonster Helps You Comply
The CCPA, which is short for the California Consumer Privacy Act, is a law designed to enhance consumer privacy rights for California consumers and to encourage transparency regarding how businesses collect and use personal information. Businesses subject to the CCPA are expected to be in compliance with the law by January 1, 2020.
While we cannot provide legal advice, we thought it would be helpful to provide you with the basics of the California Consumer Privacy Act (CCPA) to help you better understand the law and how it may apply to your business. In this article, we will walk you through the basics of the CCPA, including some of the most relevant parts of the law for our HostMonster customers. This information is provided as a convenience -- it is not an exhaustive summary of the CCPA or legal advice for your company to use in complying with the law. You should consult your own legal counsel to determine if you are subject to the requirements of CCPA and for a full understanding of your obligations under the law.
- What Is Considered Personal Information under the CCPA?
- Who Has Obligations under the CCPA?
- Who Has Rights under the CCPA?
- Honoring “Do Not Sell” Requests
- Notice and Consent Under the CCPA
- How is HostMonster Helping Me Comply with CCPA?
- What is HostMonster Doing to Comply with the CCPA and Address Individual Rights Requests?
- What if You Have More Questions about the CCPA?
- Other Changes
What Is Considered Personal Information under the CCPA?
The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In short, if information can be traced back to, or is related in some way to, a consumer or household, it is likely to be considered personal information under the CCPA.
Similar to another well-known privacy law, the General Data Protection Regulation (or the “GDPR”), this definition of personal information is very broad. In addition to the kinds of information you might think about as personal information – name, address, email address, financial information, contact information, identification numbers, etc., personal information can include details related to an individual’s digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It could also include other types of information about an individual, including information about their physical, mental, social, economic, or cultural identities. CCPA’s definition of personal information relating to a household, even if it does not identify a specific individual within that household.
Who Has Obligations under the CCPA?
The CCPA applies to businesses that are doing business in California if they meet the following conditions:
- Are for-profit (generally speaking, non-profit organizations do not have to comply with CCPA unless they share branding or are controlled or owned by a for-profit organization);
- Collect and control the processing of California consumers' personal information;
- Do business in California, or target California consumers; and
- Meet any one of the following conditions:
- Have annual gross revenue in excess of $25 million,
- Annually receive, buy, sell or share personal information of 50,000 or more consumers or households within California, or
- Derive fifty percent or more of their annual revenue from selling personal information.
Who Has Rights under the CCPA?
The CCPA was passed by California lawmakers to give California consumers more control over their personal information (described above). The law defines a 'consumer' as a natural person who is a resident of California, and it also applies to California residents who are traveling outside of the state. The CCPA is designed to ensure that consumers have:
- the right to be informed about what personal information is being collected about them, where it was sourced from, what it is being used for and whether their personal information is sold or disclosed;
- the ability to opt-out of the sale of their personal information, request access to their personal information, request deletion of their personal information; and
- protection against discrimination for exercising any of these rights.
Please note that not all of these rights listed above are absolute, and limitations/exceptions may apply in some cases. Businesses are required to provide a method to receive and respond to individual rights requests submitted by California consumers.
Honoring “Do Not Sell” Requests
As mentioned above, under the CCPA, consumers can request that businesses do not sell their personal information. The definition of ‘selling’ under the CCPA is very broad and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”
If you ‘sell’ personal information as defined by the CCPA, you are required to provide a link that says “Do Not Sell My Personal Information” or “Do Not Sell My Info” on your website’s homepage and within your privacy notice. If a consumer opts-out, you must honor their request and communicate it to third parties with whom you share the consumer’s information. To ensure that you are able to honor these “Do Not Sell” requests, it is important for you to understand how you collect and share personal information in all contexts.
To learn more about this requirement, and if you must comply with it, consult the CCPA website. To further understand your obligations to communicate to third parties, consult with your legal counsel.
Notice and Consent under the CCPA
Businesses are required to notify consumers of their rights under the CCPA, including their right to deletion, right to know, and data portability rights as well as how to exercise these rights. These required disclosures can be made via a privacy policy, in a CCPA-specific notice, or at the time the business collects the personal data. Before the CCPA goes into effect, you should make sure that your privacy notice accurately reflects your information sharing and business practices.
Businesses must also implement processes to respond to verified consumer requests and opt-out requests. Businesses must make at least two methods of submitting requests available to consumers including, at a minimum, a toll-free telephone number and a website address if the business maintains one. Businesses are also required to respond to consumers’ requests within the time limits set out in the CCPA.
Under the CCPA, businesses are required to inform consumers of the specific categories of personal information that are being collected and what the information is being used for. Businesses must provide another notice if additional categories of personal information are collected that were not previously disclosed, or if the collected information is being used for purposes unrelated to the original purpose. The CCPA website discusses these requirements in depth and what they mean for your business.
Third parties that receive personal information from businesses must provide consumers explicit notice and the ability to opt-out before selling personal information to another business.
Under the CCPA, there are only a couple of situations where opt-in consent is needed from consumers. If a company offers financial incentives in exchange for personal information, the consumer must opt-in. This could impact businesses that offer customers money in exchange for providing additional personal information. Businesses must also obtain opt-in consent from consumers that are under the age of 16 in order to sell their personal information.
How Is HostMonster Helping Me Comply with CCPA?
HostMonster wants to ensure that our products allow our customers to comply with their obligations under the CCPA. You should consult with your legal counsel regarding what your obligations may be under CCPA.
Where required, we will support you, as a HostMonster customer, in fulfilling CCPA related requests that you receive from your contacts.
What Is HostMonster Doing to Comply with the CCPA and Address Individual Rights Requests?
If you are a California consumer and exercise your CCPA rights as a HostMonster customer, HostMonster will respond in accordance with our Privacy Notice.
The Privacy Center explains what information we collect about you as a HostMonster customer and how we handle your personal information. This notice includes descriptions of how your personal information may be used by HostMonster. We suggest that you review how this applies to you. Note that as the CCPA is further revised, we may be updating our privacy notice to align with these changes.
What If You Have More Questions about the CCPA?
If you have specific questions about the assistance we can offer with the CCPA, please contact Support via 866-573-4678 or privacy@newfold.com.
Other Changes
You may be aware that the California legislature may further amend the CCPA. Additionally, the California Attorney General must finalize regulations in conjunction with certain provisions in the CCPA. These regulations will not go into effect until after the CCPA’s January 1, 2020, effective date.
Once these new rules are finalized, we will be reviewing our forms and features to provide our customers with the necessary tools to achieve compliance, if needed.