Jump to content

Community

Fast Lane!

CCPA Compliance (next big GDPR) on IPB?

Recommended Posts

On 10/8/2019 at 3:55 PM, SJ77 said:

Thanks Man!

joseph gordon levitt cheers GIF by hoppip

Sorry.... but a gif saying everything will be "ok" doesn't quite cut it does it?

Work hard to make $100..... and almost unlimited risk if the wrong dept in CA focuses on your website?  How is it worth it again?

Risk/Reward... Hmmmm

Share this post


Link to post
Share on other sites
7 hours ago, TheWorldNewsMedia.org said:

Sorry.... but a gif saying everything will be "ok" doesn't quite cut it does it?

Work hard to make $100..... and almost unlimited risk if the wrong dept in CA focuses on your website?  How is it worth it again?

Risk/Reward... Hmmmm

I'm not sure why this isn't being taken as seriously as GDPR. It's huge.

Edited by Fast Lane!

Share this post


Link to post
Share on other sites
22 hours ago, TheWorldNewsMedia.org said:

Sorry.... but a gif saying everything will be "ok" doesn't quite cut it does it?

Work hard to make $100..... and almost unlimited risk if the wrong dept in CA focuses on your website?  How is it worth it again?

Risk/Reward... Hmmmm

No, it doesn't California Has gone totally bonkers. It's so stupid. Yet we keep voting for the same bozo's, I really don't understand it!!! Why is Newsome in office again? He's absolutely horrible.

Share this post


Link to post
Share on other sites

As a corporate legalese disclaimer: while we try to provide basic tools to help you achieve compliance with relevant laws and regulations, the onus of ensuring compliance with your local jurisdiction and that of your visitors, falls upon you. If in doubt, we always recommend seeking out the service of a local attorney. 

CCPA is actually far less restrictive than the GDPR so there is no cause for hysteria (I will concede when I saw the headline months ago, I thought "oh dear, what is the United State of California up to now?" As far as California regulations go, this is actually fairly reasonable. 🙂

If you already comply with the GDPR, you really don't need to do much different for CCPA. The key takeaways, in our opinion, are:

- You must have a cookie policy. You seemingly do not need to obtain explicit consent, but I would recommend the cookie banner and you should always have a privacy policy. You do need to be transparent and document how you use cookies. 

- We have not built the software with the intention of mining and selling your user data and we have no plans of doing so. If you are selling or otherwise using user information for financial gain, there are in fact requirements under the CCPA - notably a banner or similar disclaimer that allows the visitor to prohibit you from selling the information. That is up to you to work out and not within the scope of Invision Community. 

- As with the GDPR, the rules can change when you get into third party advertising, what the third party is receiving and how it is being used. Again, it is unfortunately up to you to ensure compliance. 

- Similar to the GDPR, the CCPA does provide for a right-to-erasure. It is important to note that just because someone says "I want my account deleted" - that does not mean you are legally required to do so under all circumstances and this is true with the GDPR as well. For example, we will not purge the record of a recent customer. You should speak to your accountant regarding federal record keeping requirements, but federal law trumps the CCPA and even if that were not the case, the CCPA itself provides for exceptions. I've seen customers panic at a request and wipe a customer and their history, so don't be afraid to research and be mindful of your rights and obligations while still trying to respect your users'. 

The CCPA is largely aimed at promoting transparency and thwarting the unauthorized sale/misuse of data. There's nothing wrong with that and nothing to panic about. 

Again, we cannot account for the laws and regulations of every locale around the world. Even within the EU, different member states may have more stringent regulations than others. We try to help with basic universal compliance, but the software would fill a 1TB drive if we were to embark on China regulations, EU -> Great Britain regulations, EU -> Germany regulations, US -> Federal regulations, US -> California regulations, Russia regulations, etc. etc. Once we get past some universal functions like cookie banners, privacy/cookie pages and some basic member tools like export - you should take it from there based on advice from your own local counsel (not to be confused with the armchair experts with YouTube or Google law degrees!) 

I hope this helps. 

Share this post


Link to post
Share on other sites
20 minutes ago, SJ77 said:

Regardless, it's frustrating that the world is coming to a point where folks need to consult an attorney just to operate a basic web forum. 

I intentionally moved our server from out of CA after reading of a new internet bill which holds a server located in CA subject to penalty of law any information located on the server which IMO goes against the Liberal/Dem narrative. Religious groups for example are coming under fire. Basically anybody can put their face to an article and claim damages. 

I just thought it would be safer to remove our site from CA. I wouldn't doubt if organizations try to enforce the GDPR in America. That is, foreign laws on U.S. soil. 

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1424

Edited by Christforums

Share this post


Link to post
Share on other sites
On 11/4/2019 at 12:00 AM, Lindy said:

As a corporate legalese disclaimer: while we try to provide basic tools to help you achieve compliance with relevant laws and regulations, the onus of ensuring compliance with your local jurisdiction and that of your visitors, falls upon you. If in doubt, we always recommend seeking out the service of a local attorney. 

CCPA is actually far less restrictive than the GDPR so there is no cause for hysteria (I will concede when I saw the headline months ago, I thought "oh dear, what is the United State of California up to now?" As far as California regulations go, this is actually fairly reasonable. 🙂

If you already comply with the GDPR, you really don't need to do much different for CCPA. The key takeaways, in our opinion, are:

- You must have a cookie policy. You seemingly do not need to obtain explicit consent, but I would recommend the cookie banner and you should always have a privacy policy. You do need to be transparent and document how you use cookies. 

- We have not built the software with the intention of mining and selling your user data and we have no plans of doing so. If you are selling or otherwise using user information for financial gain, there are in fact requirements under the CCPA - notably a banner or similar disclaimer that allows the visitor to prohibit you from selling the information. That is up to you to work out and not within the scope of Invision Community. 

- As with the GDPR, the rules can change when you get into third party advertising, what the third party is receiving and how it is being used. Again, it is unfortunately up to you to ensure compliance. 

- Similar to the GDPR, the CCPA does provide for a right-to-erasure. It is important to note that just because someone says "I want my account deleted" - that does not mean you are legally required to do so under all circumstances and this is true with the GDPR as well. For example, we will not purge the record of a recent customer. You should speak to your accountant regarding federal record keeping requirements, but federal law trumps the CCPA and even if that were not the case, the CCPA itself provides for exceptions. I've seen customers panic at a request and wipe a customer and their history, so don't be afraid to research and be mindful of your rights and obligations while still trying to respect your users'. 

The CCPA is largely aimed at promoting transparency and thwarting the unauthorized sale/misuse of data. There's nothing wrong with that and nothing to panic about. 

Again, we cannot account for the laws and regulations of every locale around the world. Even within the EU, different member states may have more stringent regulations than others. We try to help with basic universal compliance, but the software would fill a 1TB drive if we were to embark on China regulations, EU -> Great Britain regulations, EU -> Germany regulations, US -> Federal regulations, US -> California regulations, Russia regulations, etc. etc. Once we get past some universal functions like cookie banners, privacy/cookie pages and some basic member tools like export - you should take it from there based on advice from your own local counsel (not to be confused with the armchair experts with YouTube or Google law degrees!) 

I hope this helps. 

Thank you for posting this. It saves me a lot of time.

Share this post


Link to post
Share on other sites

At the rate California is adopting laws that protect crime, break businesses, favor and harbor illegal immigration, the homeless that make more money not working, plus the tax rate that breaks a persons back because they think your money is not yours but the states, there really wont be many people left that have brains,  jobs and internet to sue anyone. After all, the states not growing and the good people are leaving faster than the piles of sh#t left on the sidewalks. There really is a hell, it's called the state of California.

For those unhappy about the law you could always write
Democrat - Gavin Newson
Democrat - Robert Hertzberg
Democrat - Ed Chau

You could even write a letter to
Democrat - Jerry Moonbeam Brown too if you feel the need!

Someone will say ---> Tell us how you really feel!
Me ---> Ok, I just did..

Edited by DesignzShop

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...