What is the CCPA and How Does it Affect your Business?

This is one for all of our customers that have user data on Californians who worrying about CCPA.

What is CCPA?

CCPA is California’s Consumer Privacy Act. So if you have Californians’ user data then you probably already know about it. The concerns for most businesses are the potential fines and private legal action against companies that do not comply with CCPA.

The CCPA is coming into force on January 1st 2020. Every business storing personal data on Californians needs to be compliant, and we wanted to update you on what 10to8 online booking system is doing to help you out. It is particularly relevant to businesses with a turnover of over $25m OR that have personal data of over 50,000 people per year. The latter is quite an easy threshold to reach if you’re managing a busy appointment-based business. Read more about the CCPA here.

The act puts in place new measures to make sure people can know what data is stored about them and how it is used. Furthermore, they can have control over whether their data is sold to third parties, and they are able to request the deletion of their information. You must have at least two ways clients can contact you to do this. 

If you do sell user data to third parties, that’s another area that will require significant attention for the CCPA. You need to provide relevant information to your clients on how you do it and why in addition to potentially altering your pricing structures to ensure that they are nondiscriminatory.

Security at 10to8

You’ll be glad to know that at 10to8 we take compliance and data security seriously. We never sell data to third parties and we try to go above and beyond what is necessary to keep your clients’ data safe. 

We also have several tools to help you manage your booking data. The most important part of these regulations for most booking and scheduling businesses using 10to8 will be consent and access & delete.

• You must ensure that your business has consent to use a customer’s data and they are informed as to how you use it (especially if you, or an app you use for their data, sell their data to third parties).
• Allow your clients to access & delete their data if they ask. This includes having opt-outs for data being sold to third parties and having clear privacy policies in plain language (including relevant languages for the business, e.g. Spanish).

We have prepared an FAQ and an article discussing the upcoming changes, what the CCPA means for your business and how you can use 10to8 to help achieve compliance. We’ve also prepared a CCPA  checklist for you. 

Please note it’s your responsibility to use 10to8 appointment scheduling software in a CCPA compliant way and we can’t give you legal advice on your specific business circumstances!

Important things to think about with the California Consumer Privacy Act

• Make sure you know the ‘purpose’ of the information that you have and use
• Know what data you have and who you share it with, especially if it is sold to third parties.
• Have a privacy policy that complies with the CCPA guidance, and have it clearly presented whenever you collect users’ data
• Have consent from all your customers to use their data for the purpose for which you hold it (i.e. your privacy policy), including opt-outs if you sell their data to third parties
• Be ready to respond to requests for access and deletion of client data
• Read up on CCPA, there’s lots of helpful information online to help you get your business ready. You can find a copy of the regulation here.

To find out more about how we take compliance and data security seriously at 10to8, read our blog articles:

• 10to8’s journey to GDPR
• Protecting sensitive medical data under HIPAA