California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) came into effect on January 1, 2020 and becomes enforceable on July 1, 2020. It is the first comprehensive consumer privacy legislation to be enacted in the US. Although it currently applies only to a small tranche of businesses, we expect broader legislation in California and other states in the future. Here are some key considerations your winery should know about the CCPA.

Who's implicated by CCPA?

All for-profit businesses that operate in California that meet one of the following criteria:

  • Annual revenue of $25M or more;
  • Receive or share data from at least 50,000 California consumers; or
  • Make most of their revenue by selling personal data.

It's important to note that you don't need to be based in California for the law to impact you. As long as you interact with significant amounts of California residents and their private data, you need to comply with CCPA.

What does CCPA compliance mean?

CCPA requires impacted businesses to boost their data privacy standards and change their management process. This can range from prompting customers to agree to your website's cookies policy to ensuring customers can access and control their own data. Specifically, you need to:

  • Notify people (including website visitors and customers) data subjects that you're collecting their data;
  • Obtain voluntary consent from that person to collect their data;
  • Enable customers to opt out of your data use; and
  • Accurately and promptly purge any data which you no longer have the right to process.

What are the consequences of CCPA non-compliance?

CCPA will be enforced with fines of up to $7,500 per violation. Companies that breach the law's regulations are also at risk of private lawsuits of up to $750 from each customer whose data was mishandled. Any companies that are non-compliant might also lose the trust of their customers, particularly as awareness rises.

How to handle opt-out requests:

If a customer sends an opt-out request to remove their data from your winery, you can fill out our opt-out request form here

* Please note that this form does not use your WineDirect Admin Panel credentials. The first time you make an opt-out request, you'll need to create a username and password by clicking 'Sign up'. 

Requests can take up to 45 days to complete. Timely reporting of opt-out requests is required by law. With fluctuating volumes of requests, best practice is to report to WineDirect as soon as possible.