California Consumer Privacy Act
  • 31 Mar 2023
  • 1 Minute to read
  • Dark
    Light
  • PDF

California Consumer Privacy Act

  • Dark
    Light
  • PDF

Article summary

The California Consumer Privacy Act (CCPA) came into effect on January 1, 2020, and became enforceable on July 1, 2020. It is the first comprehensive consumer privacy legislation enacted in the US. Although it applies only to a small tranche of businesses, we expect broader legislation in California and other states. Here are some key considerations your winery should know about the CCPA.

Who's implicated by CCPA?

All for-profit businesses that operate in California that meet one of the following criteria:

  • Annual revenue of $25M or more;
  • Receive or share data from at least 50,000 California consumers; or
  • Make most of their revenue by selling personal data.

It's important to note that you don't need to be based in California for the law to impact you. As long as you interact with significant amounts of California residents and their private data, you need to comply with CCPA.

What does CCPA compliance mean?

CCPA requires impacted businesses to boost their data privacy standards and change their management process. This can range from prompting customers to agree to your website's cookies policy to ensure customers can access and control their data. Specifically, you need to:

  • Notify people (including website visitors and customers) data subjects that you're collecting their data;
  • Obtain voluntary consent from that person to collect their data;
  • Enable customers to opt out of your data use; and
  • Accurately and promptly purge any data you no longer have the right to process.

What are the consequences of CCPA non-compliance?

CCPA will be enforced with fines of up to $7,500 per violation. Companies that breach the law's regulations are also at risk of private lawsuits of up to $750 from each customer whose data was mishandled. Any non-compliant companies might also lose the trust of their customers, particularly as awareness rises.

How to handle opt-out requests:

If a customer sends an opt-out request to remove their data from your winery, you can fill out our opt-out request form here.

* This form does not use your WineDirect Admin Panel credentials. The first time you make an opt-out request, you must create a username and password by clicking 'Sign up.' 

Requests can take up to 45 days to complete. Timely reporting of opt-out requests is required by law. With fluctuating requests, best practice is to report to WineDirect as soon as possible. 


Was this article helpful?