CCPA/CPRA Compliance Service

Does The California Consumer Privacy Act/California Privacy Rights Act Apply To You? (It might not.)

The CCPA -- and now the CPRA -- are strong and carry high penalties for violations, but they might not apply to your company.

While the GDPR applies to all business websites, the CCPA (recently superseded by the CPRA) only applies to a small subset of companies that do business with California Consumers. If you don’t meet at least one of these three thresholds, then the CCPA/CPRA may not apply to you and your company. If it does apply to you, then compliance is mandatory. Here are those thresholds:

  • Your company has information on 100,000 or more individuals, households or devices in California.
  • Your company makes half or more of its revenue from selling consumer data.
  • Your company (including subsidiaries) has annual revenues of $25 million or more.

What Actually is the CCPA and CPRA?

The CCPA is a California privacy law that went into effect on January 1, 2020. The CPRA became effective in 2023 and was intended mostly to strengthen the requirements and penalties of the CCPA. The intention is to protect the privacy of California Consumers, beginning with the data created and collected on websites, and extending into the companies where the data is stored. The CPRA defines several new Privacy Rights for California Residents, some of which are very similar to those of the GDPR.

  • Right to be Informed – To know what personal data is collected, and whether this information is sold or disclosed, and to whom.
  • Right to Restrict – The right to decline to allow the sale or use of their personal data.
  • Right of Access – Access to their personal information.
  • Right to be forgotten – Have their personal information deleted.
  • Right of Non-Discrimination – No discrimination if you exercise your privacy rights under the CPRA.

…and there are others. And these rights apply not only to data collected on a website, but also to data stored anywhere by the company.

What If My Business Is Not Based in California?

The purpose of the CPRA is not necessarily to regulate California companies but to protect California residents. If your company serves California residents, or if your website can be reached by California residents, and your company meets the thresholds listed above, then the CPRA applies to your company.

And just like the European GDPR applies to websites around the world, so does the CPRA potentially apply to all companies in the world. 

Do You Need Our CCPA/CPRA Compliance Services?

The sooner your website becomes CCPA/CPRA Compliant, the lower your chances of legal trouble. Request a Consultation today and let's get started.

Why the CCPA and CPRA Were Created?

The reasoning behind the creation of the CCPA and CPRA is similar to the reasoning behind the GDPR.

In the short history of the Internet, companies have been on a mad dash to collect, own and analyze consumer data.

The more a company knows about each person — or more importantly, the more a company knows about groups of people — the more money it can make.

And so the underlying premise used to be that the companies who collect the data about you actually own the data about you. But not any more. The CCPA, CPRA, and other privacy laws like Europe’s GDPR, now say that YOU own the data about YOU.

And since you own your own data, you have certain rights with respect to that data.

What Are The Risks Of CCPA/CPRA Non-Compliance?

The CCPA has strict reporting requirements in the event of a data breach, and the CPRA just made them more severe. The penalties for a breach are at one level if you complied with the CCPA and CPRA and took the recommended steps to prevent breaches, but the penalties are much more expensive if you avoided compliance. Most business owners spend almost as much time reducing or avoiding risk as they do generating revenue. But some still prefer to take on the risks and roll the dice.

If that’s you, you might be lucky and go years without a data breach, or without ever having to comply with a CCPA or CPRA rights request. But the day you do, you will most certainly regret not having prepared for it.

So what are the penalties or damages allowed under the CCPA and CPRA?

  • Fines for Non-Intentional Violations. Up to $2,500 per violation.
  • Fines for Intentional Violations. Up to $7,500 per violation.

For each of the above, a “Violation” is the breach of each individual data record. But it could also be a simple failure to honor a rights request, such as the Right to Forget. So, if you ignore a dozen rights requests, your penalties could be $36,000 or more. And if you have just 1,000 customer files that are breached, you’re in the many millions of dollars in potential fines.

  • Private Lawsuits: The CCPA and CPRA both differ from the GDPR in that they allow private individuals to sue a company if their data is breached.

Statutory damages are between $100 and $750 per consumer, per incident. Add attorneys' fees and other costs, and it can get very expensive, very quickly.

Pricing

Ask about our significant discounts when you combine our CCPA/CPRA compliance service with our GDPR compliance service.

Our CCPA/CPRA Compliance Service begins with a CCPA/CPRA Data Audit, Privacy Software Installation & Configuration, Creation of CPRA-required Legal notification pages, and our CPRA Cookie Consent System. Our service continues with our monthly “Gold” Security Assurance Services, which you can read more about here.

Small & Growing Businesses

Websites up to 100 Pages
$199 Monthly
  • $995 Installation
  • Up to 3 Hours Privacy Compliance Consulting & Configuration
  • 1 Hour of Website Updates, Monthly

Large Businesses

Websites up to 500 Pages
$299 Monthly
  • $1295 Installation
  • Up to 4 Hours Privacy Compliance Consulting & Configuration
  • 2 Hours of Website Updates, Monthly

Corporate Businesses

Websites up to 1000 Pages
$399 Monthly
  • $1495 Installation
  • Up to 5 Hours Privacy Compliance Consulting & Configuration
  • 3 Hours of Website Updates, Monthly

Note: Pricing listed above is per subdomain. For example, www.MyDomain.com and account.MyDomain.com are separate subdomains and each requires separate software, separate effort and separate purchases. This service is provided for WordPress Websites Only. Except for third party payment processors or forms or emailing systems integrated directly into the Supported Website(s), any data (or reference to data) initially collected by, or processed by other subdomains, client websites, third-party websites, systems, machinery or other methods is not included in our services.

Our CCPA/CPRA Compliance Service Includes...

The CCPA/CPRA is a whole-company data privacy initiative that involves legal, technical and policy changes about how your company handles data internally. The “front end” parts of the CCPA and CPRA are implemented on your website. That’s what we can do for you.

So our CCPA/CPRA Compliance Service, which is designed for WordPress websites, puts us on your company’s Privacy Compliance Team. And as part of your Team, this is what we will do for you:

Planning & Strategy Phase

Consultation

Introductory Web Conference Call, Site Interview, and Site Access Information discussion.

Data Assessment

We will determine what data is collected and where & how it is stored on your website.

Software Review

We will review the software on your site, including WordPress Core, Plugins, and Themes.

Security Assessment

We assess how secure your website is and then we create a plan to improve your security.

Implementation Phase

Legal Documents

Customized CPRA-compliant Privacy Statement(s) and Cookie Policy(ies) for your website.

"Do Not Sell"

Add a "Do Not Sell My Information" link on your website and a form to process the requests.

Forms Compliance

Modify all of your online forms to include explicit privacy acknowledgement.

Firewall Protection

Install and configure firewall software to help protect your site from hacks and breaches.

Data Security And The CCPA & CPRA

Like the GDPR, the CCPA and CPRA require that you keep your data secure, so we include our monthly Security Assurance Service as part of our CCPA/CPRA Compliance Service. It’s designed to keep WordPress websites secure and their data safe. The service includes…

  • Daily backups of your website
  • Weekly updates of all the software on your website
  • Maintenance of your software firewall to prevent intruders
  • One to Four hours of website updates or technical support each month
  • 10% discount on additional hourly work
  • If your website is ever hacked, we will either remove the malware or restore the site from our latest good backup for free.

These services are designed to help secure your website’s data.

Cyber Security Bonus

You are also required to keep your internal company network secure in order to prevent data breaches there, where phishing, ransomware, and data exfiltration are a constant threat. So we have arranged with a top Los Angeles Cyber Security firm to provide for you, free of charge:  

  • An internal company GDPR, CCPA and CPRA Cyber Security Overview, which will give you a brief, overall picture of your company’s security readiness, and point out your greatest vulnerabilities.

The certificate has a value of $200, but it is yours free as a bonus when you sign up for our CCPA/CPRA or GDPR front end compliance services. 

Do You Need Our CCPA/CPRA Compliance Services?

The sooner your website becomes Compliant, the lower your chances of legal trouble. Request a Consultation today and let's get started.