CCPA for B2B: Brief Overview

December 30, 2019

Category: Best Practices

On January 1, 2020 the new California Consumer Privacy Act (CCPA) will go into effect. Similar to the EU’s General Data Protection Regulation (GDPR), the new law focuses on privacy and security and will affect many B2B businesses across the United States. 

To help you navigate this new regulation, we’ve created the CCPA for B2B Brief Overview

What is CCPA?

In short, the CCPA states that businesses that collect personal information on California residents and that meet certain revenue or information collection thresholds must: 

  • Disclose what personal information is collected and the purposes for which it is used
  • Disclose what personal information is sold or shared and to whom
  • Delete personal information if requested
  • Allow consumers to opt-out of the sale of their personal information
  • Not discriminate against a consumer for exercising any rights under the Act

Who Does CCPA Apply To?

CCPA applies to all for-profit companies, regardless of location with gross revenue over $25 million, that collects data for at least 50,000 California residents, or acquires at least 50% of revenue from the sale of personal information. 

What Does CCPA Mean for B2B Businesses?

There’s no need to panic! A new amendment (AB 1355) for CCPA gives a one-year reprieve from compliance with most provisions for B2B transactions and employee data. Within the next year, B2B businesses must still provide an opt-out and cannot discriminate against consumers who chose to do so. This grace period is especially beneficial for B2B business with business contacts that include California personal data. 

How can B2B Businesses Prepare for CCPA?

B2B businesses should take steps to comply with CCPA in 2020. Here’s an easy checklist to get started:

  • Update your Privacy Policy – make sure it is easily accessible in a footer, header or navigation bar of your website or eCommerce experience. 
  • Include an opt-out link in your privacy policy and communications – ensure you’re regularly maintaining your database and out-out process. 
  • Establish a process for consumers to request this information – including databases & forms – including information access and deletion, categories of information, and information-sharing partners
  • Organize the personal information you’ve collected into categories and the points of collection
  • Organize business contacts, and categories of business contacts, from/with whom personal information and categories are shared

As we enter 2020, there will continue to be a focus on consumer privacy and security. If you haven’t already, educate your teams on the new CCPA regulations and start coming up with a strategy to be in compliance before the end of the one-year grace period. Four51 is here to help!