CCPA: How Does It Affect Your Ecommerce Business?


When the California Consumer Protection Act (CCPA) was first unveiled, a lot of ecommerce providers were left scratching their heads. As with GDPR, not every business is affected by the new regulations created under the CCPA, but those that are may need to make significant changes in order to reach compliance and avoid hefty fines. If your ecommerce company does interstate business, you may be asking yourself or your IT department:

  1. Does my site comply with current regulations?
  2. If it doesn’t, what steps do I take to get it there?

CCPA requirements became enforceable as of July 1, 2020, so the time to act is now if you haven’t already. The good news is that there are multiple methods you can use to ensure compliance, many of which are fairly simple. But let’s start with the big questions.

Do I Even Need to Be CCPA Compliant?

As far-reaching as the CCPA may be, not every ecommerce business needs to worry about changing anything to meet new regulations. In fact, if you don’t meet the qualifiers, you are exempt from following CCPA rules. To find out if you need to follow the new regulations, ask yourself these questions:

  • Does my business do $25 million or more in revenue annually?
  • Does my business maintain personal records of 50,000 or more individual customers, households, or individual devices?
  • Does my business make 50% or more of its revenue by selling consumer data?

If the answer is yes to any of these, you need to make sure you are in compliance.

What the CCPA Regulations Mean for You

At face value, the CCPA is pretty clear in its intent: you must offer a way for California residents to access the results of the data gathering and data sharing that take place while they engage with your site. This means that you must provide a path for users to:

  • Receive a copy of their data
  • Know exactly how their data was collected
  • Know who has access to said data
  • Opt out of the sale of their data to a 3rd party
  • Have their data erased on request (with some exceptions)

While this might seem like a straightforward effort aimed at providing reports to your customers, the CCPA isn’t limited to conventional data collection and sale. Under CCPA regulations, you’ll need to be ready to disclose data shared with every plugin, platform, and integration that touches user data. Platforms included under the CCPA regulations range from industry-standard tracking, such as Google Analytics or Facebook Pixel, to more specific marketing tools, like email marketing platforms or any plugin on your site that gathers user data. Additionally, CCPA protections aren’t limited to customers currently using your site and/or making purchases; they also include people who have previously registered for your mailing lists.

Essentially, you are responsible for reporting on every tool on your site or elsewhere in your marketing pipeline that touches user data.

CCPA, Ecommerce, and How It Relates to Your Site

Figuring out a solution to CCPA ecommerce compliance can be a bit multifaceted, but fortunately, you can go about reaching compliance in two different ways, both of which have strengths and weaknesses:

  • Offer CCPA Rights According to User Location
    • Through geolocation or state selection form fields, you may provide CCPA rights exclusively to users who are in California
      • Pros: only CA residents will have access to the data gathered on your site
      • Cons: VPN users can easily get around this, potentially exposing you to a regulatory breach
  • Offer CCPA Rights to Everyone
    • Simply extend the provisions of the CCPA to all of your customers
      • Pros: simple, quick, all but ensures that your site is compliant; puts your site ahead of the curve should other states create their own version of the CCPA
      • Cons: CCPA requests may be more common, potentially limiting data gathering capabilities and site analytics

How We Can Help 

Whichever route you choose to address the CCPA, ecommerce will always be complicated, and there’s never a one-time fix. Every time you add a new reporting tool or introduce a new revenue channel, you’ll need to make sure that you can adequately report on customer data use. Otherwise, you’ll open your business up to additional liabilities and fines.

As a full-service, mid-market ecommerce solution, Kalio Commerce is uniquely equipped to help you build an ecommerce presence that is adaptable to the CCPA and all future challenges caused by other states’ inevitable adoption of their own regulations. To learn more about our ecommerce solution or CCPA compliance, feel free to reach out to us today!