California residents can now request that companies delete their data

The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. This law gives consumers specific rights to their data, including the right to prevent companies from selling their personal info. It's designed for California consumers specifically, but many companies aren't restricting it to California only.

The CCPA applies to all for-profit companies that have $25m in annual revenue, and have at least 1 consumer/customer that is a California resident. (There are a few other criteria that can apply to companies, but these are the main ones)

These rights include:

-Right to request deletion of personal information
-Right to opt-out of the sale of personal information
-Right to know about personal information collected, disclosed, or sold

On the business' website they MUST include a conspicuous link that says "Do Not Sell My Personal Information" or "Do Not Sell My Info". From there it should take you to an online form where you can submit your request.


A lot of companies are opting NOT to comply because fines aren't in place until July. They want to see what happens, or if consumers even care about their data. Let's prove them wrong. Go to all the websites you'd like to either not have your data, or at least like to see what they have on you, and submit a request. If they DON'T have a link that says "Do Not Sell My Info" or a portal directly on their website, send an email to the address listed in their privacy policy notifying them they are in violation of the law.





Here are some direct excerps of the law that are most relevant:

-Notify consumers that data is being collected, and for what purpose. A business shall not use a consumer's personal information for any purpose other than those disclosed in the notice at collection.

-A business shall post the notice of right to opt-out on the Internet webpage to which
the consumer is directed after clicking on the "Do Not Sell My Personal Information"
or "Do Not Sell My Info" link on the website homepage or the download or landing
page of a mobile application.

-A business that substantially interacts with consumers offline shall also provide notice
to the consumer by an offline method that facilitates consumer awareness of their right
to opt-out. Such methods include, but are not limited to, printing the notice on paper
forms that collect personal information, providing the consumer with a paper version
of the notice, and posting signage directing consumers to a website where the notice
can be found.

-A business can offer a consumer a financial incentive for allowing the business to continue to use their personal info. The purpose of the notice of financial incentive is to explain to the consumer each financial incentive or price or service difference a business may offer in exchange for the retention or sale of a consumer's personal information so that the consumer may make an informed decision on whether to participate.

-Right to request deletion of personal information
-Right to opt-out of the sale of personal information (if personal information is sold)
-Right to know about personal information collected, disclosed, or sold

-A business shall provide two or more designated methods for submitting requests to know, including, at a minimum, a toll-free telephone number, and if the business operates a website, an interactive webform accessible through the business's website or mobile application. Other acceptable methods for submitting these requests include, but are not limited to, a designated email address, a form submitted in person, and a form submitted through the mail.

-A business shall use a two-step process for online requests to delete where the consumer must first, clearly submit the request to delete and then second, separately confirm that they want their personal information deleted.

-A business that has actual knowledge that it collects or maintains the personal information of children under the age of 13 shall establish, document, and comply with a reasonable method for determining that the person affirmatively authorizing the sale of the personal information about the child is the parent or guardian of that child. This affirmative authorization is in addition to any verifiable parental consent required under the Children's Online Privacy Protection Act

-A business that has actual knowledge that it collects or maintains the personal information of minors at least 13 and less than 16 years of age shall establish, document, and comply with a reasonable process for allowing such minors to opt-in to the sale of their personal information



https://en.wikipedia.org/wiki/Cal...rivacy_Act