Do Not Sell My Personal Information Link for California

Organizations doing business subject to the California Consumer Privacy Act (CCPA) will need to provide a clear and conspicuous link titled “Do Not Sell My Personal Information” on their homepage and in their privacy policy in order to meet the requirements of the new CA privacy law starting January 1, 2020.

The link must go to an Internet Web page enabling a consumer to opt out of the sale of their personal information. Personal information is information that identifies or relates to a particular consumer or household including, but not limited to, name, postal address, email address, IP address, social security number, personal property records, purchasing histories, biometric information, internet activity such as browsing or search history, geolocation data, employment information, education information and inferences drawn from this information, in so far as it is not publicly available information.

Although we refer to it here as a link, the California Attorney General was given the power to develop a “recognizable and uniform opt-out logo or button by all businesses to promote consumer awareness” of the opt-out. If the Attorney General constructs a logo or button and releases it as part of the final regulations, then the approved logo or button should be used by businesses.

The law applies to businesses with over $25 million in revenue, those handling information from 50,000 consumers, or deriving 50%+ annual revenue from selling consumer personal information.

GET OUR FREE WHITE PAPER ON THE NEW CALIFORNIA LAW …

Businesses that maintain a separate homepage dedicated to California consumers can forego putting the Do Not Sell My Personal Information link on the homepage so long it puts the links on the California specific page and takes reasonable steps to ensure California consumers are directed to the California page and not the homepage provided to the general public (without the link).

Businesses are not allowed to require a consumer to create an account in order to complete the opt-out process. Businesses are also not allowed to use information gathered during the opt-out process from the consumer for other purposes besides complying with the opt-out request.

If a consumer opts out of the sale of personal information, the business must refrain from selling the personal information collected by the business and respect the decision to opt out for at least 12 months before requesting that the consumer opt-in to the sale of their personal information.

Businesses also must ensure that all individuals handling consumer inquiries about privacy practices or compliance are informed of the law and know how to direct consumers to exercise their rights.

Play-Video-Blog

Consumers may authorize another person to opt out of the sale of their personal information on the consumer’s behalf. Businesses must comply with an opt out request from such an authorized person.

The California Attorney General may develop additional clarifying regulations through a public comment process before the law goes into effect in 2020. The draft regulations are anticipated in Fall 2019 with an additional public comment period following it.

Learn-More-Blog

Learn more about California’s new law: