WordPress CCPA Compliance: A Guide

The California Consumer Privacy Act (CCPA) is a data privacy law that was passed in California, USA, and is similar to the EU’s General Data Protection Regulation (GDPR). The CCPA is considered the most robust data privacy legislation in the US and has given momentum to other US privacy acts that had been in progress for some time, such as Virginia’s CDPA, Nevada’s privacy law, and the Colorado Privacy Act. The CCPA lays out several rules for how businesses handle the personal information of consumers, and these rules apply to websites as well. In this article, we will cover what a WordPress user must do to make their website CCPA compliant.

The CCPA became effective on 1 January 2020 and applies to any for-profit business in the world that meets one of the following criteria:

– Has total annual revenue over $25 million

– Buys, receives, or sells the personal information of 50,000 or more California residents, households, or devices

– Acquires more than half of their annual revenue from selling the personal information of Californians

Consumers have several rights under the CCPA, including the right to know what personal information a business collects and how it is used, shared, or sold; the right to delete personal information; the right to opt out of the sale of personal information; and the right to non-discrimination for exercising CCPA rights.

There are consequences for violating CCPA rules. For unintentional violations, you could be fined up to $2500 per violation, and for intentional violations, $7500 per violation. Consumers can seek legal consultation, claim $100 to $750 in damages for a data breach, and file legal complaints against the violator.

While CCPA does not apply to all websites that serve its defined data subjects, it is recommended that businesses comply with CCPA even if they fall outside its material scope. Protecting customers’ rights and interests should be a top priority, especially if you handle their personal information. It is imperative to provide your users with a space that they can trust and have more control over their personal information.

To make your WordPress website CCPA compliant, you must follow these steps:

1. Privacy Policy Page

A Privacy Policy discloses information related to your website’s data collection, use, sharing, and selling practices. Under the CCPA, a website’s privacy policy must state what personal information the site collects from users, where it collects that information from, why it needs to collect, sell, or share it, which third parties it shares the information with or sells it to, what rights consumers have under the CCPA, and how they can contact you to exercise these rights. You must update the privacy policy every 12 months to reflect changing business practices.

2. Do Not Sell My Personal Information Page

The CCPA emphasizes giving users control to object to the sale of their data rather than obtaining their consent. Opt-out is a big part of the law, and that is where the “Do Not Sell My Personal Information” (DNSMPI) mechanism comes in. DNSMPI is a method proposed by the CCPA to allow users to opt out of websites selling their personal information to third parties. The page must provide an explanation of the right to opt out of the sale of personal information, a webform or any other method to submit opt-out requests, and a link to the privacy policy.

3. Cookie Consent Notice

The CCPA recognizes “unique personal identifiers” as personal information. Cookie identifiers, therefore, are personal information under the law. The cookie notice must explain why you use cookies and include a button or link to opt out of cookies (or the DNSMPI link). CookieYes is an easy-to-use cookie consent tool for adding a consent notice to your website and allowing users to opt out of cookies that sell personal information.

4. Data Access

The CCPA requires websites to let users access their personal information upon request. The data access request can be implemented via contact forms. One of the most recommended plugins for building forms in WordPress is Ninja Forms.

5. Data Deletion

The CCPA requires websites to delete personal information upon user request. WordPress’ latest versions also have dedicated settings for your visitors to submit data deletion requests. The Ninja Forms plugin has several templates, including one for data deletion requests.

In conclusion, following these steps will start your WordPress website’s CCPA compliance on the right footing. However, it is recommended to get legal advice for complete compliance. That way, you will be able to ensure that everything is in place.
