Quantcast has worked extensively across the industry to define what’s needed in a CCPA Framework. We are currently building an extension of Choice to support some of the needs of website owners’ around the CCPA, which will be released in January 2020. You can learn more about the CCPA regulations in this post.  In the meantime, we are happy to provide guidance and next steps to website owners on things to do before implementing a consent management tool. Here’s what we recommend you do to prep:

What should website owners tackle before implementing a compliance Framework?

  • Create a Data Map:
    Building a data map creates a foundation for the privacy and data protection compliance work companies need to do. A data map catalogs data sources, identifies the places where data is stored, how it may be  used, who has access to the data, and how it may be shared. In some cases, the same data may be received from more than one source, accessed and used for more than one purpose, or by more than one team, across your company. Creating a data map allows you to understand the in’s and out’s of different data that you collect and use, and enables you to understand where and how regulation may apply.

If you’ve done this step for GDPR then you are one step ahead for CCPA.

  • Update your Privacy Policy:
    Businesses that sell personal information about California residents, or allow information to be collected on their websites or apps, need to provide information in their privacy policies about that collection or sale. The CA Attorney General has provided draft regulations on how and what information should be included in privacy policies, which you can find here.
  • Sign Agreements with Service Providers:
    As a business, you may share personal information with your Service Provider partners for various purposes related to your business. Because of this, you must have an agreement with the Service Provider, and the Service Provider may not sell or share the personal information you’ve shared with them for its own commercial purposes.

Quantcast Choice: Handling the Online Consumer Interactions Required by CCPA.

  • Do Not Sell My Data requests:
    The CCPA requires Businesses that sell the personal information of California residents to include a “Do Not Sell My Data” link/button on their websites and apps. Consumers that click the “Do Not Sell My Data” button should be given the opportunity to opt out of the sale of their personal information by the Business to Third Parties that they work with. The CA Attorney General has provided draft regulations  on how and where Businesses should implement the Do Not Sell My Data button.
  • Data disclosure updates:
    Businesses that sell the personal information of California residents are required to provide specific disclosures on their website or app.
  • Pass Along Opt-Outs Downstream:
    Businesses that receive consumer Do Not Sell My Personal Data request should  pass those opt out requests on to Third Parties that they have sold data to.

Key Definitions:

Personal Information (PI)
Any information that may be used to directly or indirectly identify an individual. This includes: real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, SSN, driver’s license number, passport number, and also pseudonymous identifies like cookie IDs, IP addresses and mobile ad IDs.

Sell
Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means for monetary or other valuable consideration.

Learn more on privacy
The latest and greatest on global privacy laws and industry coverage. Learn more