CCPA Explained: Article 2 - Notices to Consumers - Part 2 - Notice at Collection

 Oct 12, 2019 11:00 AM
by Derek Lackey

We write these chapters to assist organizations to effectively and efficiently IMPLEMENT new practices designed to take care of your prospect and customer while meeting the standards set by this new law. It begins with understand your obligations under the new CCPA.

Article 2. Notices to Consumers

§ 999.305 Notice at Collection of Personal Information

A. Purpose and General Principles
1. Categories of Personal Information and why you are collecting it.
2. Easy to read and understandable to an average consumer.
a) Use plain, straightforward language and avoid technical or legal jargon
b) a format that draws attention
c) in languages the business usually uses
d) accessible to consumers with disabilities
3. PI cannot be used for any purpose other than the stated purpose. If scope is revised, new permission must be requested.
4. Cannot collect more categories of PI than you are disclosing.
5. No notice. No collection.

B. Include the following in it's notice of collection
(1) list of categiries about to be collected written in a way it can be understood.
(2) each category and a statement how it will be used.
(3) if the business sells information - Do Not Sell My Info must be added
(4) a link to the privacy policy

C. Notice at collection may be a link to the section of the privacy policy that contains th info required.

D.  If you did not collection the Personal Information yourself you should:
(1) Contact the person with a notice to opt-out
(2) Contact the source of the information to:
a. confirm a Notice at Collection was executed orginally.
b. Obtain a written description of how Notice was provided with an example of the notice. This should be kept for at least 2 years.

This is easy to grasp and with paragraph C, very easy to implement. All you need to do is add these categories and use statements to your privacy policy and create a link BEFORE your fields on your webform. For every category of data you collect, an organization should write a paragraph in their privacy policy describing why it is being collected and how it will be used. As we can see where this is all heading, add how long you intend to keep it and you will be ready for the next wave of data protection laws, which you can bet will follow the CCPA shortly.

You may also wish to read:

CCPA Explained: Article 1 General Provisions - Part 1 - Scope and Definitions