I am not an attorney and cannot tell you that the below will make your website 100% CCPA compliant. These steps are, however, ways to make simple changes to your website to help you be more compliant. If your business is doing most of its business in California, you should probably consult an attorney.
OK now that we got the boring legal crap out of the way, let’s get stuck into more boring legal crap!
I mean, compliance is fun and exciting!
And unfortunately, it’s super important for your business. Because frankly, while the CCPA applies largely to businesses that do $25M+/year in the state of California, advertisers like Facebook are “requiring” that your website is compliant in order to get the most data out of their pixel. What started in the EU with the GDPR a couple of years ago will only spread, so let’s get stuck in with what this means and how you can help make your website compliant.
What is the CCPA?
The California Consumer Privacy Act, or CCPA, allows individuals the ability to have more control over their personal information that businesses collect about them. While many marketers are worried about losing data we deem essential, our customers are concerned about the sheer amount of information we have on them, their preferences, their browsing history, etc.
Sure, this is in California now and you may do 0 business there. But this concept started in the EU with the GDPR and it’s growing. Consumers want to feel like they have some privacy left online. Honestly, while we marketers are concerned about data loss (but my targeting options!!), we should be more concerned with providing great customer service. That includes allowing people to opt out of being tracked. Making these shifts today, and allowing your browsers to have this level of control over their data, will only work to build their trust.
Or, to put it simply, start now so you don’t have to scramble later.
Get Your Website Compliant (ish)
I’ll be honest, there’s a lot of information out there if you’d like to dive down the rabbit hole of the CCPA. Even some attorneys acknowledge that there are a lot of gray areas, but in my research, there are a few simple things that can help you be compliant and work towards protecting your business and your clients’ information.
1. Add a Do Not Sell My Personal Information Link
If you look in my footer, you’ll notice a new link that reads (very simply) Do Not Sell My Personal Information. This should be on every single page of your website, even if you’re like me and don’t sell any of your customers’ information to third parties. I’ve opted for a simple popup powered by CookiePro CCPA. It’s a free plugin that comes with a lot of features, or you could upgrade to the paid version. I’ve got the free version installed myself, and it comes with everything I want, including giving the browser a way to contact me if they would like to double-check the personal information that I gather. It also gives them the option to block personalized ads on my website. Again, I don’t have Google ads on my site, but it’s an important thing to allow them to opt out of if you do.
The “Do Not Sell My Personal Information” link is the most important and unique piece that I’ve seen with the CCPA. The CookiePro CCPA plugin took me just a few minutes to set up and it’s well worth the time to do so.
2. Allow Users to Accept/Deny Cookies
This has been a need since the GDPR, so there are a lot of great plugins out there for this. Personally, I use the free GDPR Cookie Compliance plugin. It allows me to adjust branding colors, defaults to an Accept, but also gives the customer the ability to adjust in a Settings link. (You probably hit Accept without even thinking about it when you hit my website.) The important thing about this or any other Cookie plugin is that you put your tracking codes, i.e. Facebook Pixel or Google Analytics, in through the plugin. When the user hits Accept, those are added to your site and start working automatically.
If they choose, however, they need to be able to actually turn those off. With my setup, I have a section for 3rd party plugins that discloses which trackers I use (Facebook Pixel and Google Analytics) and why. It then allows the browser to turn just those off. WordPress has its own set of cookies that help their sites perform better, so it’s fantastic that this plugin lets people segment out which cookies to disable or enable.
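Here is what that consent gating looks like underneath, as an added example (not the GDPR Cookie Compliance plugin's own code). The cookie name site_consent, its JSON layout and the Analytics ID are assumptions made for illustration, and each script URL stands in for the vendor's full snippet.

```javascript
// Cookie name and JSON layout are assumptions, not any plugin's real format.
const CONSENT_COOKIE = "site_consent";

// The two trackers named above; the Analytics ID is a placeholder.
const TRACKERS = {
  facebook_pixel: "https://connect.facebook.net/en_US/fbevents.js",
  google_analytics: "https://www.googletagmanager.com/gtag/js?id=G-PLACEHOLDER",
};

// Parse a document.cookie-style string into a consent record.
// Missing or malformed values count as "no decision yet" (nothing loads).
function parseConsent(cookieString) {
  const none = { accepted: false, thirdParty: {} };
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    try {
      const raw = JSON.parse(decodeURIComponent(part.slice(eq + 1).trim()));
      if (raw === null || typeof raw !== "object") return none;
      const toggles = raw.thirdParty !== null && typeof raw.thirdParty === "object" ? raw.thirdParty : {};
      const thirdParty = {};
      for (const name of Object.keys(TRACKERS)) {
        thirdParty[name] = toggles[name] !== false; // off only if switched off in Settings
      }
      return { accepted: raw.accepted === true, thirdParty };
    } catch (err) {
      return none; // bad percent-encoding or bad JSON
    }
  }
  return none;
}

// Names of the trackers this visitor has allowed.
function trackersToLoad(cookieString) {
  const consent = parseConsent(cookieString);
  if (!consent.accepted) return [];
  return Object.keys(TRACKERS).filter((name) => consent.thirdParty[name]);
}

// Inject a <script> tag for each allowed tracker; returns what was added.
function loadAllowedTrackers(doc, cookieString) {
  const allowed = trackersToLoad(cookieString);
  for (const name of allowed) {
    const script = doc.createElement("script");
    script.async = true;
    script.src = TRACKERS[name];
    doc.head.appendChild(script);
  }
  return allowed;
}
```

In a page you would call loadAllowedTrackers(document, document.cookie) on load and again whenever the visitor changes their settings.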
3. Update Your Privacy Policy
Or, make sure you have one on your website. Like the Do Not Sell My Personal Information page, this should be linked in your footer on every page of your website. WordPress actually includes a generic privacy policy in new websites that you can update to your needs or you can also look at some competitors and bigger brands to see what they did and adjust (shhh, don’t tell an attorney I said that).
If you look at my privacy policy, you’ll see I have a section dedicated to Cookies, and I include which third-party company’s cookies I use and links to their own privacy policies. I also made sure to include that I do not sell private information in my privacy policy, and I adjust the date each time I update it. My privacy policy is by no means perfect, but it covers a lot of the basics that I personally need with what I do and collect with my website.
Don’t Wait to Get Compliant
CCPA is already in effect, GDPR has been for a while, and Facebook actually has some data tracking turned off right now for California residents to allow its advertisers time to get compliant by August 1st. If you do any business at all in California or the EU, it’s time to start enacting these changes on your website. Even if you don’t intend to target a huge chunk of your customer base in these areas, getting compliant now will save you a headache as these privacy laws undoubtedly grow.
Need help? I’m happy to talk over how we can help you and your website get more compliant!