Jump to content

Community

Fast Lane!

CCPA Compliance (next big GDPR) on IPB?

Recommended Posts

Posted (edited)

How are things looking for compliance on IPB?  This is pretty huge... and takes effect on Jan 1, 2020 (3 months).  Right up there or worse than GDPR. Under CCPA individuals can sue companies for CCPA violations. So far more unbounded costs. 

https://www.cnbc.com/2019/10/05/california-consumer-privacy-act-ccpa-could-cost-companies-55-billion.html

Edited by Fast Lane!

Share this post


Link to post
Share on other sites
8 hours ago, Fast Lane! said:

More information on compliance. Wowsers.  Seems like many if not the majority of sites will fall under CCPA.

https://www.dickinson-wright.com/news-alerts/californias-data-privacy-law

From the same link that you posted: 

 

Not all business qualify. To fall within the scope of the CCPA, the business must also meet one of the additional three criteria:

  • Have $25 million or more in annual revenue; or
  • Possess the personal data of more than 50,000 “consumers, households, or devices” or
  • Earn more than half of its annual revenue selling consumers’ personal data.

Share this post


Link to post
Share on other sites
Posted (edited)
2 hours ago, Joel R said:

From the same link that you posted: 

 

Not all business qualify. To fall within the scope of the CCPA, the business must also meet one of the additional three criteria:

  • Have $25 million or more in annual revenue; or
  • Possess the personal data of more than 50,000 “consumers, households, or devices” or
  • Earn more than half of its annual revenue selling consumers’ personal data.

Check Google analytics.  I'll bet that many people had a least 50k user's last year. That's easy to do.  Doesn't have to be registered members (collecting IP address alone on your server, or data via Google Analytics is enough to qualify).

 

Also, since advertising ads from AdSense or frankly ad any provider includes collecting data and sharing it with a 3rd party, then if you received more than 50% of your revenue from advertising (and are based in CA) then you also fall under CCPA.  I would bet the lion share of forum owners have more than 50% of their revenue from advertising.   If you made $100 last year and $50.01 was from ads then you qualify.  Any revenue over a penny counts.  

It's super easy to fall under CCPA. Even for small sites. 

Edited by Fast Lane!

Share this post


Link to post
Share on other sites
Posted (edited)

As an aside. IPB itself surely falls under CCPA under clause 2.  If you go to Analytics and check user location by country and then by state, I bet you had more than 50k users in the last year.  Again, not registered members or paying customers. Just user's.  Guests included. That means you now fall under CCPA and any CA user's has rights under CCPA they can impose on you. 

Edited by Fast Lane!

Share this post


Link to post
Share on other sites
Posted (edited)

What data does the CCPA cover?

The California law takes a broader approach to what constitutes sensitive data than the GDPR. For example, olfactory information is covered, as well as browsing history and records of a visitor's interactions with a website or application. Here’s what AB 375 considers “personal information”:

  • Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier IP address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers
  • Characteristics of protected classifications under California or federal law
  • Commercial information including records of personal property, products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies
  • Biometric information
  • Internet or other electronic network activity information including, but not limited to, browsing history, search history and information regarding a consumer’s interaction with a website, application or advertisement
  • Geolocation data
  • Audio, electronic, visual, thermal, olfactory or similar information
  • Professional or employment-related information
  • Education information, defined as information that is not publicly available personally identifiable information (PII) as defined in the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)
  • Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities and aptitudes

What happens if my company is not in compliance with the CCPA?

Companies have 30 days to comply with the law once regulators notify them of a violation. If the issue isn't resolved, there's a fine of up to $7,500 per record. "If you think about how many records are affected in a breach, it really increases very quickly," says Debra Farber, senior director for privacy strategy at BigID. Since the bill was put together and passed in just a week, it will probably see some amendments, she adds. "Things like the fine amounts are likely to change."

There's also another potential financial risk, Farber says. "The bill provides for an individual's right to sue, for the first time " she says. "And it allows class action lawsuits for damages."

Again, there's a 30-day window that starts when the consumers give written notice to a company that they believe their privacy rights have been violated. "If it's not cured, and the attorney general declines to prosecute, then they can bring a class action suit," Farber says. "And it's not just around breaches."

 

So if an IPB board makes $20 bucks a year and resides in CA, and has 15 CA members, and fails to comply with CCPA then the fine is $7500 x 15 = $112,500.

Edited by Fast Lane!

Share this post


Link to post
Share on other sites

With all the GDPR FUD that was out there I wonder how many admins here have felt the hammer fall and been sanctioned by the EU. :rolleyes: Has anyone here been served with a lawsuit yet? :rolleyes: 

I like PGE's approach after its equipment was blamed for the wildfires: Shut off power in areas where risk of fire is high on a given day. I think that's great. Open the wallet and pay for a generator...or be without power on those days. 

Share this post


Link to post
Share on other sites
6 minutes ago, Adriano Faria said:

Internet is becoming a real PITA with all these boring regulations! Glad I’m not from Eu or CA. 🤣

Kinda doesn't matter.  If you have a CA user (even if they are traveling in FL) you fall under CCPA. It's crazy but that's how it's written. 

Share this post


Link to post
Share on other sites

Isn't CA great? You could go there and be hit by a drunk illegal alien with no license and no insurance and have no recourse, or you be running a little website and be here on the support community forums sweating some Californian's cookies while he's away from home in Florida. Too much, lol

Share this post


Link to post
Share on other sites
Posted (edited)

You just have to wonder if the big guys... FB, Twitter, LinkedIn etc.. are behind this knowing it will cause even 25% of their small time competitors to just dry up?

As someone mentioned before... the risk/reward of owning a website/forum versus just being a user on some larger corporate owned one is changing fast.

Reconsidering this whole venture now with my 16,000 users.....

 

Edited by TheWorldNewsMedia.org

Share this post


Link to post
Share on other sites
6 minutes ago, TheWorldNewsMedia.org said:

You just have to wonder if the big guys... FB, Twitter, LinkedIn etc.. are behind this knowing it will cause even 25% of their small time competitors to just dry up?

As someone mentioned before... the risk/reward of owning a website/forum versus just being a user on some larger corporate owned one is changing fast.

Reconsidering this whole venture now with my 16,000 users.....

Anyone know if it actually passed or not yet?

Yes over a year ago.  It was approved by the legislator and signed into law by the governor. It goes into effect Jan 1. All the talk of changes are just about amendments. 

Share this post


Link to post
Share on other sites
Posted (edited)
13 minutes ago, TheWorldNewsMedia.org said:

You just have to wonder if the big guys... FB, Twitter, LinkedIn etc.. are behind this knowing it will cause even 25% of their small time competitors to just dry up?

As someone mentioned before... the risk/reward of owning a website/forum versus just being a user on some larger corporate owned one is changing fast.

Reconsidering this whole venture now with my 16,000 users.....

 

It's not how many registered users you have. It's how many users including gusts visit your site in a whole year. If one person visits from their phone, work computer and laptop then that counts as 3 (since it's devices or users).

Ultimately we needs solution from IPB of some sort or it will be a major turn off for people running the IPB suite. Given the complexity of being compliant and that it basically effects everyone, I'm sure they will do something -- I hope.  Eager to see their response to this thread.

Edited by Fast Lane!

Share this post


Link to post
Share on other sites

Wowzers is right!

I think this just might be the death knell for my once great internet aspirations. Why risk MASSIVE fines or even lawsuits to earn $100/month?

Now... just invest in the big guys... since they are only going to get bigger now after this.

Imagine all the hours of every user across all the IPS sites.... now imagine 30% quit due to this draconian law...... millions of eyeball hours now going back Facebook, Twitter etc... who have the lawyers to fight this sort of law.

Big guys win... little guys lose.... same old story.

Share this post


Link to post
Share on other sites

Ironic that foreign communist states weren't able to censor our website... but California basically closes it down by making the risk/reward of using ads to monetize a website a no-brainer.

Remember when the "Internet" had the promise of democracy built into it?  Now it has become the enabler of monopolies, mobs and state censorship. Truly sad.

Share this post


Link to post
Share on other sites

I have started a thread to the larger public (beyond Invision Community) about this threat:

List of Websites that will be closing down on 12/31/2019 if the CCPA is not amended.

https://www.theworldnewsmedia.org/topic/85387-list-of-websites-that-will-be-closing-down-on-december-31-2019-if-california-doesnt-amend-the-ccpa/?tab=comments#comment-135676

Share this post


Link to post
Share on other sites
5 hours ago, Adriano Faria said:

What exactly do you expect IPS can do at a software level? 

Add features to support compliance. If you read what's required there are several items that are fairly technical in nature and can only be done at the core suite level. Many are the same as what they added for GDPR. Some are new. 

IPB made a huge deal about adding tools to support GDPR so I expect they will repeat this for CCPA. It's in their own interest as lack of support would likely scare both new and existing clients away from even running a forum. 

Share this post


Link to post
Share on other sites

Frankly, most of the protections very strongly mirror GDPR so I'm not seeing a lot of non-compliant functionality in place right now.

That said, I've ensured this is raised to the attention of those responsibility for reviewing and ensuring legal compliance so that it can be thoroughly vetted and checked. Thanks!

Share this post


Link to post
Share on other sites
3 minutes ago, bfarber said:

Frankly, most of the protections very strongly mirror GDPR so I'm not seeing a lot of non-compliant functionality in place right now.

That said, I've ensured this is raised to the attention of those responsibility for reviewing and ensuring legal compliance so that it can be thoroughly vetted and checked. Thanks!

Thanks.  I think there are changes to the current GDPR tools you have that will go a long way. 

Share this post


Link to post
Share on other sites
Posted (edited)

I don't even know what this is yet... BUT OMG am I tired of stupid regulations. PLEASE GO AWAY with this stuff big gov! .. Let me guess, EU again? UGH

EDIT: Great!! CALI-FREAKING-FORNIA!!! I should have known AHAHAHAHAH

And Guess where I live, yup... California and YES I have enough users to fall into this. FML!!!!

So tired of this crap! Why can't we just have a website without constant problems???

Edited by SJ77

Share this post


Link to post
Share on other sites
3 hours ago, SJ77 said:

I don't even know what this is yet... BUT OMG am I tired of stupid regulations. PLEASE GO AWAY with this stuff big gov! .. Let me guess, EU again? UGH

EDIT: Great!! CALI-FREAKING-FORNIA!!! I should have known AHAHAHAHAH

And Guess where I live, yup... California and YES I have enough users to fall into this. FML!!!!

So tired of this crap! Why can't we just have a website without constant problems???

Everything will be okay 🍺

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...