This page has moved and will be redirected soon. See Migrated topics for the complete list.

California Consumer Privacy Act

This is one in a series of topics to help Magento merchants and developers understand the implications of the California Consumer Privacy Act (CCPA). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.

The California Consumer Privacy Act (CCPA) expands the rights of consumers in California to determine how their personal information is collected, stored, and used, with an emphasis on protecting consumers from the unauthorized sale or exchange or their personal information. The CCPA was enacted in 2018 and is effective as of January 1, 2020.

The CCPA grants the following new rights to consumers:

  • Right to know the categories of personal information about them that was collected, used, shared, or sold in the past 12 months.
  • Right to delete certain types of personal information that is held by a business and/or their service provider(s).
  • Right to opt out of the sale of their personal information.
  • Right to non-discrimination in terms of price or service for having exercised a privacy right under CCPA.

CCPA Compliance Guide

Developing and implementing a CCPA compliance plan requires a coordinated effort. We encourage merchants to assemble a cross-functional team, and follow the roadmap outlined in CCPA Compliance Guide to bring their company into compliance with the regulation. As a developer, you might be invited to participate as a stakeholder with an emphasis on steps 2 - 5 of the process. See the CCPA Compliance Guide for more information.

  1. Assemble a cross-functional team to address CCPA compliance.

  2. Take inventory of digital properties.

  3. Map the customer journey and data collection processes.

  4. Establish procedures and mechanisms to respond to customer requests.

  5. Write the content for the required CCPA customer notifications.

  6. Review agreements with service providers.

  7. Update the privacy policy.

  8. Document all CCPA-related procedures and maintain records.

Personal Information Reference

For technical information, see the data flow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Magento that you support.