You have probably noticed all the “cookie banners” on websites - small windows that pop-up and ask you to accept cookies. These are being added to sites to comply with regulations in Europe (GDPR - General Data Protection Regulation) and California (CCPA - California Consumer Privacy Act).
California’s Attorney General began enforcement of the CCPA in August. The AG is required to notify organizations of possible non-compliance before enforcing any penalties. Organizations have 30 days to resolve issues.
The CCPA’s purpose is to provide consumers with information for how their personal data may be collected and used by organizations before it is collected. It also requires ways for consumers to ask to review any data collected and request its deletion. Consumers can also specifically request that their personal information not be sold.
So do you need to add a cookie banner to your site to comply with the CCPA?
The CCPA applies to any organization that does business in California and meets these criteria:
Annual gross revenues over $25 million
Buys, sells, shares the personal information of 50,000 or more consumers per year
Derives 50% or more of annual revenue from selling consumers’ personal information
Since websites can be accessed from anywhere, even if you do not have a physical location in California you could still be subject to the law if you have customers in California.
How do you comply with the CCPA?
The exact information you need to provide in the notice will depend on the information collected by your website or company and if you sell the information.
There are many services such as OneTrust, CookieBot and CookiePro that can help you design a cookie banner system to track consumer authorization and gather any requests for review or deletion. The costs of the services vary, including free options.
HBS offers privacy and security consulting to help you determine the specific requirements of your organization and identify any internal processes needed to comply with regulations.
HBS can implement the necessary code provided by the services on your websites.
About the Author
Sally Schmidt Web Solutions Consultant
Sally has 18 years’ experience researching and developing web sites and online applications. She sets the vision for projects by gathering, analyzing and defining business and functional requirements, and target audience needs and expectations. She guides decision making based on usage data and audience feedback analysis. Sally has earned the Google Analytics Individual Qualification (IQ).
Sally has wide range of experience conducting usability interviews and developing surveys, sales and customer care tools, consumer community sites, and even games for kids. She has worked with small and large organizations including IBM, NFL, Kimberly-Clark, Brady Corp., Kohler, MTV, Pentair, ThedaCare, Madison Metropolitan School District, Girl Scouts of Wisconsin Southeast, Eau Claire Area School District, Northeast Wisconsin Technical College, Fox Cities Performing Arts Center, Spring Lake Park School District and Charter Manufacturing.