Jump to content

CCPA Compliance (next big GDPR) on IPB?


Fast Lane!
 Share

Recommended Posts

7 hours ago, TheWorldNewsMedia.org said:

Sorry.... but a gif saying everything will be "ok" doesn't quite cut it does it?

Work hard to make $100..... and almost unlimited risk if the wrong dept in CA focuses on your website?  How is it worth it again?

Risk/Reward... Hmmmm

I'm not sure why this isn't being taken as seriously as GDPR. It's huge.

Edited by Fast Lane!
Link to comment
Share on other sites

22 hours ago, TheWorldNewsMedia.org said:

Sorry.... but a gif saying everything will be "ok" doesn't quite cut it does it?

Work hard to make $100..... and almost unlimited risk if the wrong dept in CA focuses on your website?  How is it worth it again?

Risk/Reward... Hmmmm

No, it doesn't California Has gone totally bonkers. It's so stupid. Yet we keep voting for the same bozo's, I really don't understand it!!! Why is Newsome in office again? He's absolutely horrible.

Link to comment
Share on other sites

  • Management

As a corporate legalese disclaimer: while we try to provide basic tools to help you achieve compliance with relevant laws and regulations, the onus of ensuring compliance with your local jurisdiction and that of your visitors, falls upon you. If in doubt, we always recommend seeking out the service of a local attorney. 

CCPA is actually far less restrictive than the GDPR so there is no cause for hysteria (I will concede when I saw the headline months ago, I thought "oh dear, what is the United State of California up to now?" As far as California regulations go, this is actually fairly reasonable. 🙂

If you already comply with the GDPR, you really don't need to do much different for CCPA. The key takeaways, in our opinion, are:

- You must have a cookie policy. You seemingly do not need to obtain explicit consent, but I would recommend the cookie banner and you should always have a privacy policy. You do need to be transparent and document how you use cookies. 

- We have not built the software with the intention of mining and selling your user data and we have no plans of doing so. If you are selling or otherwise using user information for financial gain, there are in fact requirements under the CCPA - notably a banner or similar disclaimer that allows the visitor to prohibit you from selling the information. That is up to you to work out and not within the scope of Invision Community. 

- As with the GDPR, the rules can change when you get into third party advertising, what the third party is receiving and how it is being used. Again, it is unfortunately up to you to ensure compliance. 

- Similar to the GDPR, the CCPA does provide for a right-to-erasure. It is important to note that just because someone says "I want my account deleted" - that does not mean you are legally required to do so under all circumstances and this is true with the GDPR as well. For example, we will not purge the record of a recent customer. You should speak to your accountant regarding federal record keeping requirements, but federal law trumps the CCPA and even if that were not the case, the CCPA itself provides for exceptions. I've seen customers panic at a request and wipe a customer and their history, so don't be afraid to research and be mindful of your rights and obligations while still trying to respect your users'. 

The CCPA is largely aimed at promoting transparency and thwarting the unauthorized sale/misuse of data. There's nothing wrong with that and nothing to panic about. 

Again, we cannot account for the laws and regulations of every locale around the world. Even within the EU, different member states may have more stringent regulations than others. We try to help with basic universal compliance, but the software would fill a 1TB drive if we were to embark on China regulations, EU -> Great Britain regulations, EU -> Germany regulations, US -> Federal regulations, US -> California regulations, Russia regulations, etc. etc. Once we get past some universal functions like cookie banners, privacy/cookie pages and some basic member tools like export - you should take it from there based on advice from your own local counsel (not to be confused with the armchair experts with YouTube or Google law degrees!) 

I hope this helps. 

Link to comment
Share on other sites

20 minutes ago, SJ77 said:

Regardless, it's frustrating that the world is coming to a point where folks need to consult an attorney just to operate a basic web forum. 

I intentionally moved our server from out of CA after reading of a new internet bill which holds a server located in CA subject to penalty of law any information located on the server which IMO goes against the Liberal/Dem narrative. Religious groups for example are coming under fire. Basically anybody can put their face to an article and claim damages. 

I just thought it would be safer to remove our site from CA. I wouldn't doubt if organizations try to enforce the GDPR in America. That is, foreign laws on U.S. soil. 

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1424

Edited by Christforums
Link to comment
Share on other sites

On 11/4/2019 at 12:00 AM, Lindy said:

As a corporate legalese disclaimer: while we try to provide basic tools to help you achieve compliance with relevant laws and regulations, the onus of ensuring compliance with your local jurisdiction and that of your visitors, falls upon you. If in doubt, we always recommend seeking out the service of a local attorney. 

CCPA is actually far less restrictive than the GDPR so there is no cause for hysteria (I will concede when I saw the headline months ago, I thought "oh dear, what is the United State of California up to now?" As far as California regulations go, this is actually fairly reasonable. 🙂

If you already comply with the GDPR, you really don't need to do much different for CCPA. The key takeaways, in our opinion, are:

- You must have a cookie policy. You seemingly do not need to obtain explicit consent, but I would recommend the cookie banner and you should always have a privacy policy. You do need to be transparent and document how you use cookies. 

- We have not built the software with the intention of mining and selling your user data and we have no plans of doing so. If you are selling or otherwise using user information for financial gain, there are in fact requirements under the CCPA - notably a banner or similar disclaimer that allows the visitor to prohibit you from selling the information. That is up to you to work out and not within the scope of Invision Community. 

- As with the GDPR, the rules can change when you get into third party advertising, what the third party is receiving and how it is being used. Again, it is unfortunately up to you to ensure compliance. 

- Similar to the GDPR, the CCPA does provide for a right-to-erasure. It is important to note that just because someone says "I want my account deleted" - that does not mean you are legally required to do so under all circumstances and this is true with the GDPR as well. For example, we will not purge the record of a recent customer. You should speak to your accountant regarding federal record keeping requirements, but federal law trumps the CCPA and even if that were not the case, the CCPA itself provides for exceptions. I've seen customers panic at a request and wipe a customer and their history, so don't be afraid to research and be mindful of your rights and obligations while still trying to respect your users'. 

The CCPA is largely aimed at promoting transparency and thwarting the unauthorized sale/misuse of data. There's nothing wrong with that and nothing to panic about. 

Again, we cannot account for the laws and regulations of every locale around the world. Even within the EU, different member states may have more stringent regulations than others. We try to help with basic universal compliance, but the software would fill a 1TB drive if we were to embark on China regulations, EU -> Great Britain regulations, EU -> Germany regulations, US -> Federal regulations, US -> California regulations, Russia regulations, etc. etc. Once we get past some universal functions like cookie banners, privacy/cookie pages and some basic member tools like export - you should take it from there based on advice from your own local counsel (not to be confused with the armchair experts with YouTube or Google law degrees!) 

I hope this helps. 

Thank you for posting this. It saves me a lot of time.

Link to comment
Share on other sites

At the rate California is adopting laws that protect crime, break businesses, favor and harbor illegal immigration, the homeless that make more money not working, plus the tax rate that breaks a persons back because they think your money is not yours but the states, there really wont be many people left that have brains,  jobs and internet to sue anyone. After all, the states not growing and the good people are leaving faster than the piles of sh#t left on the sidewalks. There really is a hell, it's called the state of California.

For those unhappy about the law you could always write
Democrat - Gavin Newson
Democrat - Robert Hertzberg
Democrat - Ed Chau

You could even write a letter to
Democrat - Jerry Moonbeam Brown too if you feel the need!

Someone will say ---> Tell us how you really feel!
Me ---> Ok, I just did..

Edited by DesignzShop
Link to comment
Share on other sites

  • 1 month later...
On 10/6/2019 at 9:45 AM, tonyv said:

With all the GDPR FUD that was out there I wonder how many admins here have felt the hammer fall and been sanctioned by the EU. :rolleyes: Has anyone here been served with a lawsuit yet? :rolleyes: 

I like PGE's approach after its equipment was blamed for the wildfires: Shut off power in areas where risk of fire is high on a given day. I think that's great. Open the wallet and pay for a generator...or be without power on those days. 

Well the GDPR is enforced by the government (let's be real... you really think they are going to go after some small community? lmao) however, CCPA is enforced by the public. Meaning california residents can sue the "company"...  Great video on CCPA which literally explains everything below 

 

Edited by GTAPoliceMods
Link to comment
Share on other sites

11 hours ago, GTAPoliceMods said:

Well the GDPR is enforced by the government (let's be real... you really think they are going to go after some small community? lmao) however, CCPA is enforced by the public. Meaning california residents can sue the "company"...  Great video on CCPA which literally explains everything below 

 

Time to block CA residents. Nothing new as CA wants to block air travel to states it doesn't agree with. Namely, states which are outlawing abortion. 

I've been following CA internet laws for some time. This is only the tip of the iceberg. Recently CA sued a popular Christian dating site because it only served two biological genders. Likewise, in my niche we have men and women bible studies. CA residents aren't worth serving in my opinion, after all the representatives they elect are making these policies. 

Shame companies subject themselves to CA internet laws by locating themselves in that communist state.

Edited by Christforums
Link to comment
Share on other sites

9 hours ago, Christforums said:

Time to block CA residents. Nothing new as CA wants to block air travel to states it doesn't agree with. Namely, states which are outlawing abortion. 

I've been following CA internet laws for some time. This is only the tip of the iceberg. Recently CA sued a popular Christian dating site because it only served two biological genders. Likewise, in my niche we have men and women bible studies. CA residents aren't worth serving in my opinion, after all the representatives they elect are making these policies. 

Shame companies subject themselves to CA internet laws by locating themselves in that communist state.

Believe half of what you see, and none of what you hear!  That video is just to gain views, like most media these days.  

Before freaking out like that video suggest everyone do, I would consult with someone who can explain the details properly without a fear approach. It will be business as usual for most in my personal opinion.  

 

Link to comment
Share on other sites

  • 1 month later...
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...