This is one in a series of topics to help Adobe Commerce and Magento Open Source merchants and developers understand the implications of the California Consumer Privacy Act (CCPA). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.
The CCPA expands the rights of consumers in California to determine how their personal information is collected, stored, and used, with an emphasis on protecting consumers from the unauthorized sale or exchange or their personal information. The CCPA was enacted in 2018 and is effective as of January 1, 2020.
The CCPA grants the following new rights to consumers:
Developing and implementing a CCPA compliance plan requires a coordinated effort. We encourage merchants to assemble a cross-functional team, and follow the roadmap outlined in CCPA Compliance Guide to bring their company into compliance with the regulation. As a developer, you might be invited to participate as a stakeholder with an emphasis on steps 2 through 5 of the process. See the CCPA Compliance Guide for more information.
Assemble a cross-functional team to address CCPA compliance.
Take inventory of digital properties.
Map the customer journey and data collection processes.
Establish procedures and mechanisms to respond to customer requests.
Write the content for the required CCPA customer notifications.
Review agreements with service providers.
Document all CCPA-related procedures and maintain records.
For technical information, see the dataflow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Adobe Commerce or Magento Open Source that you support.