California Consumer Privacy Act (CCPA)

Last update: 2023-04-21
  • Created for:
  • Experienced
    Admin
    Developer
NOTE

This is one in a series of topics to help Adobe Commerce and Magento Open Source merchants and developers understand the implications of the California Consumer Privacy Act (CCPA). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.

The CCPA expands the rights of consumers in California to determine how their personal information is collected, stored, and used, with an emphasis on protecting consumers from the unauthorized sale or exchange or their personal information. The CCPA was enacted in 2018 and is effective as of January 1, 2020.

The CCPA grants the following new rights to consumers:

  • Right to know the categories of personal information about them that was collected, used, shared, or sold in the past 12 months.
  • Right to delete certain types of personal information that is held by a business and/or their service providers.
  • Right to opt out of the sale of their personal information.
  • Right to non-discrimination in terms of price or service for having exercised a privacy right under CCPA.

CCPA compliance

Developing and implementing a CCPA compliance plan requires a coordinated effort. We encourage merchants to assemble a cross-functional team, and follow the roadmap outlined in CCPA Compliance Guide to bring their company into compliance with the regulation. As a developer, you might be invited to participate as a stakeholder with an emphasis on steps 2 through 5 of the process. See the CCPA Compliance Guide for more information.

  1. Assemble a cross-functional team to address CCPA compliance.

  2. Take inventory of digital properties.

  3. Map the customer journey and data collection processes.

  4. Establish procedures and mechanisms to respond to customer requests.

  5. Write the content for the required CCPA customer notifications.

  6. Review agreements with service providers.

  7. Update the privacy policy.

  8. Document all CCPA-related procedures and maintain records.

Personal information reference

For technical information, see the dataflow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Adobe Commerce or Magento Open Source that you support.

On this page