California has some of the strictest privacy laws in the nation. Because the United States currently does not have a nationwide federal data privacy law in place, states are free to enact their own consumer data privacy protections. Keeping up with these changes to the law, within California and other states, is time-consuming and expensive. Thankfully, a California privacy policy generator can help take the cost and effort out of California data privacy compliance.
SixFifty has created state-specific privacy tools, including tools to generate a privacy policy. Read on to learn more about California’s data protection laws, and how our proprietary privacy tools can make compliance a breeze.
Who is affected by California data privacy laws?
Both consumers and companies doing business in California are affected by the state’s data privacy laws. Currently, businesses, service providers, and third parties (a third party is any legal entity which does not meet the definition of “service provider” but receives personal information from a business) must comply with these laws.
Beginning in January 2023, the law will also apply to contractors as a specially defined group who are not lumped in with service providers. Contractors will be required to provide a certification that they understand California privacy restrictions and requirements and will comply with them.
California privacy laws define a “business” as a for-profit legal entity which:
- Collects consumers’ personal information, whether directly from consumers or indirectly;
- Either alone or jointly determines the purposes and means of data processing;
- Does business in California; and
- Meets one or more of the following thresholds:
- Annual gross revenue over $25 million;
- Annually buys, receives, sells, or shares personal information for 50,000 or more consumers, devices, or households (this threshold increases to 100,000 in 2023); or
- Derives half or more of its revenue from selling personal consumer information (or 50% of its revenue from the sharing or selling of personal information starting in 2023).
If you or your business meet these requirements, you’re expected to have a compliant privacy notice. Penalties include civil penalties, damages, non-monetary relief, and injunctions from the California Privacy Protection Agency, which has taken over enforcement from the Attorney General.
What’s the difference between privacy policies and privacy notices?
You might be wondering why you need two different documents. A privacy notice is the public document that you post for consumers to see. It outlines your personal information gathering practices, telling consumers what you do with their data. A privacy policy is an internal document that your employees follow. It tells them how they should handle consumers’ personal information.
How to comply with the CCPA and CPRA
The CCPA is the California Consumer Privacy Act, which went into effect in 2020. This privacy law provides consumers:
- The right to know about the personal information a business collects about them and how it is used and shared;
- The right to delete personal information collected from them (with some exceptions);
- The right to opt-out of the sale of their personal information and
- The right to non-discrimination for exercising their CCPA rights.
The California Privacy Rights Act (CPRA) amends the CCPA, and goes into effect on January 1, 2023. It includes additional privacy protections for consumers, with a look-back to January 2022. Consumers now have additional privacy rights, including:
- The right to opt out of the sharing of their personal information for the purpose of targeted advertising;
- The right to have their personal information ported;
- The right to correct inaccurate personal information; and
- The right to limit the use and disclosure of their personal information.
Businesses, service providers, third parties, and contractors who collect, store, and process consumer data in California need to amend their privacy policies and notices. Keep in mind that your notices must include the additional rights provided by the CPRA starting on January 1, 2023.
Is there a California privacy policy template?
Creating a California privacy policy and notice might be easier if you have a template. Unfortunately, one-size-fits-all privacy policies may not cover each applicable scenario. It’s also important that your company keep up with changes to privacy laws, such as the CPRA and additional regulations the CPPA is working on implementing.
SixFifty has created a California website privacy policy generator to address these needs. Instead of asking your in-house legal team to draft these documents and monitor changes to the law, or racking up billable hours with outside counsel, you can generate a comprehensive California privacy policy and notice quickly—plus, you’ll receive automatic notifications when you need to regenerate your documents. Our privacy tools are updated regularly. You’ll know whenever there are important changes to the law, and whether you need to further amend your privacy policy and notice.
Our software pairs technology with real legal expertise, so you’ll get a compliant policy in record time. Simply answer a series of questions, download the generated document, and have your lawyer review. It’s the easiest way to ensure compliance and avoid incurring hefty penalties.
Generate a California privacy policy with SixFifty
If your company does business in California and meets the CCPA/CPRA thresholds, you need a compliant privacy policy and notice. Compliance is easier than ever with SixFifty’s California privacy policy generator. In minutes, you’ll have a comprehensive document ready for legal review—and you’ll stay updated if the laws continue to change. Reach out to us today to schedule a demo, or learn more about our privacy tools!
