Bluehost Web Hosting Help

California Consumer Privacy Act

The CCPA: What You Need to Know and How Bluehost Helps You Comply

The CCPA, which is short for the California Consumer Privacy Act, is a law designed to enhance consumer privacy rights for California consumers and to encourage transparency regarding how businesses collect and use personal information. Businesses subject to the CCPA are expected to be in compliance with the law by January 1, 2020.

While we cannot provide legal advice, we thought it would be helpful to provide you with the basics of the California Consumer Privacy Act (CCPA) to help you better understand the law and how it may apply to your business. In this article, we will walk you through the basics of the CCPA, including some of the most relevant parts of the law for our Bluehost customers. This information is provided as a convenience -- it is not an exhaustive summary of the CCPA or legal advice for your company to use in complying with the law. You should consult your own legal counsel to determine if you are subject to the requirements of CCPA and for a full understanding of your obligations under the law.


What Is Considered Personal Information under the CCPA?

The CCPA defines personal information as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” In short, if information can be traced back to, or is related in some way to, a consumer or household, it is likely to be considered personal information under the CCPA.

Similar to another well-known privacy law, the General Data Protection Regulation (or the “GDPR”), this definition of personal information is very broad. In addition to the kinds of information you might think about as personal information – name, address, email address, financial information, contact information, identification numbers, etc., personal information can include details related to an individual’s digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It could also include other types of information about an individual, including information about their physical, mental, social, economic, or cultural identities. CCPA’s definition of personal information relating to a household, even if it does not identify a specific individual within that household.

Who Has Obligations under the CCPA?

The CCPA applies to businesses that are doing business in California if they meet the following conditions:

  • Are for-profit (generally speaking, non-profit organizations do not have to comply with CCPA unless they share branding or are controlled or owned by a for-profit organization);
  • Collect and control the processing of California consumers' personal information;
  • Do business in California, or target California consumers; and
  • Meet any one of the following conditions:
    • Have annual gross revenue in excess of $25 million,
    • Annually receive, buy, sell or share personal information of 50,000 or more consumers or households within California, or
    • Derive fifty percent or more of their annual revenue from selling personal information.

Who Has Rights under the CCPA?

The CCPA was passed by California lawmakers to give California consumers more control over their personal information (described above). The law defines a 'consumer' as a natural person who is a resident of California, and it also applies to California residents who are traveling outside of the state. The CCPA is designed to ensure that consumers have:

  • the right to be informed about what personal information is being collected about them, where it was sourced from, what it is being used for and whether their personal information is sold or disclosed;
  • the ability to opt-out of the sale of their personal information, request access to their personal information, request deletion of their personal information; and
  • protection against discrimination for exercising any of these rights.

Please note that not all of these rights listed above are absolute, and limitations/exceptions may apply in some cases. Businesses are required to provide a method to receive and respond to individual rights requests submitted by California consumers.

Honoring “Do Not Sell” Requests

As mentioned above, under the CCPA, consumers can request that businesses do not sell their personal information. The definition of ‘selling’ under the CCPA is very broad and includes “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.”

If you ‘sell’ personal information as defined by the CCPA, you are required to provide a link that says “Do Not Sell My Personal Information” or “Do Not Sell My Info” on your website’s homepage and within your privacy notice. If a consumer opts-out, you must honor their request and communicate it to third parties with whom you share the consumer’s information. To ensure that you are able to honor these “Do Not Sell” requests, it is important for you to understand how you collect and share personal information in all contexts.

To learn more about this requirement, and if you must comply with it, consult the CCPA website. To further understand your obligations to communicate to third parties, consult with your legal counsel.

Notice and Consent under the CCPA

Businesses are required to notify consumers of their rights under the CCPA, including their right to deletion, right to know, and data portability rights as well as how to exercise these rights. These required disclosures can be made via a privacy policy, in a CCPA-specific notice, or at the time the business collects the personal data. Before the CCPA goes into effect, you should make sure that your privacy notice accurately reflects your information sharing and business practices.

Businesses must also implement processes to respond to verified consumer requests and opt-out requests. Businesses must make at least two methods of submitting requests available to consumers including, at a minimum, a toll-free telephone number and a website address if the business maintains one. Businesses are also required to respond to consumers’ requests within the time limits set out in the CCPA.

Under the CCPA, businesses are required to inform consumers of the specific categories of personal information that are being collected and what the information is being used for. Businesses must provide another notice if additional categories of personal information are collected that were not previously disclosed, or if the collected information is being used for purposes unrelated to the original purpose. The CCPA website discusses these requirements in depth and what they mean for your business.

Third parties that receive personal information from businesses must provide consumers explicit notice and the ability to opt-out before selling personal information to another business.

Under the CCPA, there are only a couple of situations where opt-in consent is needed from consumers. If a company offers financial incentives in exchange for personal information, the consumer must opt-in. This could impact businesses that offer customers money in exchange for providing additional personal information. Businesses must also obtain opt-in consent from consumers that are under the age of 16 in order to sell their personal information.

How Is Bluehost Helping Me Comply with CCPA?

Bluehost wants to ensure that our products allow our customers to comply with their obligations under the CCPA. You should consult with your legal counsel regarding what your obligations may be under CCPA.

Where required, we will support you, as a Bluehost customer, in fulfilling CCPA related requests that you receive from your contacts.

What Is Bluehost Doing to Comply with the CCPA and Address Individual Rights Requests?

If you are a California consumer and exercise your CCPA rights as a Bluehost customer, Bluehost will respond in accordance with our Privacy Notice.
The Privacy Center explains what information we collect about you as a Bluehost customer and how we handle your personal information. This notice includes descriptions of how your personal information may be used by Bluehost. We suggest that you review how this applies to you. Note that as the CCPA is further revised, we may be updating our privacy notice to align with these changes.

What If You Have More Questions about the CCPA?

If you have specific questions about the assistance we can offer with the CCPA, please contact Support via 888-401-4678 or privacy@newfold.com.

Other Changes

You may be aware that the California legislature may further amend the CCPA. Additionally, the California Attorney General must finalize regulations in conjunction with certain provisions in the CCPA. These regulations will not go into effect until after the CCPA’s January 1, 2020, effective date.
Once these new rules are finalized, we will be reviewing our forms and features to provide our customers with the necessary tools to achieve compliance, if needed.

Remember: The information above is meant to guide you through the process of understanding the CCPA and is not a substitute for legal advice. Find more information on the CCPA website.
Knowledgebase Article 81,423 views bookmark tags: ca california ccpa consumer


Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

Domain Privacy for .us Domains

The WHOIS database shows my personal information for my .us domain names. How do I get privacy for the .us domain?

What Is Domain Privacy Protection? GDPR Domain Masking and Whois Privacy

WHOIS Domain Privacy for domains registered with Bluehost

How do I enable or disable privacy for a .UK domain?

What is required to modify Domain Privacy for a .UK domain.

Related Help Content

Domain Privacy for .CA Domains

How to enable or disable privacy for a .CA domain

SiteLock - Security for Small Business

This article will explain the benefits of SiteLock for small businesses.

Using autoresponder to form submissions on website

How to collect my visitor's name/email from a page within my site and store that info for use in an autoresponder.

GDPR

GDPR stands for General Data Protection Regulation. This law was proposed by the European Union (EU), and will go into effect May 25, 2018. What is GDPR, and what do you need to know to prepare for it

Domain WHOIS Update and Verification

Per ICANN, your contact information is included on the domain's record in the WHOIS database required information includes your full name, postal address, email address, and voice telephone number

Domain Name FAQ

Frequently Asked Questions about Managing your Domain Names

How to Upload an SSL Certificate to SiteLock

This article will explain the process for uploading an SSL Certificate to SiteLock's dasboard. The steps for accessing the SSL Manager may vary depending on which user interface your account uses.

Setting file and user permissions

Short tutorial on how to set file and user Permissions in cPanel.